]>
Commit | Line | Data |
---|---|---|
72d0e1cb SG |
1 | /* liblxcapi |
2 | * | |
3 | * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>. | |
4 | * Copyright © 2012 Canonical Ltd. | |
5 | * | |
d75462e4 SH |
6 | * This library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2.1 of the License, or (at your option) any later version. | |
10 | ||
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | ||
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, write to the Free Software | |
18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
72d0e1cb SG |
19 | */ |
20 | ||
9be53773 | 21 | #define _GNU_SOURCE |
38683db4 | 22 | #include <dirent.h> |
9be53773 | 23 | #include <errno.h> |
93dc5327 | 24 | #include <fcntl.h> |
38683db4 | 25 | #include <grp.h> |
f2363e38 | 26 | #include <libgen.h> |
38683db4 CB |
27 | #include <pthread.h> |
28 | #include <sched.h> | |
29 | #include <stdarg.h> | |
d659597e | 30 | #include <stdint.h> |
9fc7f8c0 | 31 | #include <stdio.h> |
38683db4 CB |
32 | #include <unistd.h> |
33 | #include <arpa/inet.h> | |
66c1f8c2 | 34 | #include <sys/sysmacros.h> |
38683db4 CB |
35 | #include <sys/mman.h> |
36 | #include <sys/mount.h> | |
5f7eba0b | 37 | #include <sys/syscall.h> |
38683db4 CB |
38 | #include <sys/types.h> |
39 | #include <sys/wait.h> | |
f2363e38 | 40 | |
38683db4 | 41 | #include "attach.h" |
d8e48992 CB |
42 | #include "bdev.h" |
43 | #include "lxcoverlay.h" | |
44 | #include "lxcbtrfs.h" | |
38683db4 | 45 | #include "cgroup.h" |
72d0e1cb | 46 | #include "conf.h" |
38683db4 CB |
47 | #include "config.h" |
48 | #include "commands.h" | |
72d0e1cb | 49 | #include "confile.h" |
b5159817 | 50 | #include "console.h" |
e29fe1dd | 51 | #include "criu.h" |
72d0e1cb | 52 | #include "log.h" |
38683db4 CB |
53 | #include "lxc.h" |
54 | #include "lxccontainer.h" | |
55 | #include "lxclock.h" | |
f2363e38 ÇO |
56 | #include "monitor.h" |
57 | #include "namespace.h" | |
fed29fad | 58 | #include "network.h" |
735f2c6e | 59 | #include "sync.h" |
aa460476 | 60 | #include "start.h" |
38683db4 CB |
61 | #include "state.h" |
62 | #include "utils.h" | |
63 | #include "version.h" | |
4ba0d9af | 64 | |
af6824fc ST |
65 | /* major()/minor() */ |
66 | #ifdef MAJOR_IN_MKDEV | |
67 | # include <sys/mkdev.h> | |
68 | #endif | |
af6824fc | 69 | |
4ba0d9af | 70 | #if HAVE_IFADDRS_H |
9c83a661 | 71 | #include <ifaddrs.h> |
4ba0d9af SG |
72 | #else |
73 | #include <../include/ifaddrs.h> | |
74 | #endif | |
72d0e1cb | 75 | |
684f79a5 SG |
76 | #if IS_BIONIC |
77 | #include <../include/lxcmntent.h> | |
78 | #else | |
79 | #include <mntent.h> | |
80 | #endif | |
81 | ||
a9a0ed90 ÇO |
82 | #define MAX_BUFFER 4096 |
83 | ||
c868b261 ÇO |
84 | #define NOT_SUPPORTED_ERROR "the requested function %s is not currently supported with unprivileged containers" |
85 | ||
5f7eba0b SG |
86 | /* Define faccessat() if missing from the C library */ |
87 | #ifndef HAVE_FACCESSAT | |
88 | static int faccessat(int __fd, const char *__file, int __type, int __flag) | |
89 | { | |
90 | #ifdef __NR_faccessat | |
91 | return syscall(__NR_faccessat, __fd, __file, __type, __flag); | |
92 | #else | |
93 | errno = ENOSYS; | |
94 | return -1; | |
95 | #endif | |
96 | } | |
97 | #endif | |
98 | ||
72d0e1cb SG |
99 | lxc_log_define(lxc_container, lxc); |
100 | ||
858377e4 SH |
101 | static bool do_lxcapi_destroy(struct lxc_container *c); |
102 | static const char *lxcapi_get_config_path(struct lxc_container *c); | |
103 | #define do_lxcapi_get_config_path(c) lxcapi_get_config_path(c) | |
104 | static bool do_lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v); | |
105 | static bool container_destroy(struct lxc_container *c); | |
106 | static bool get_snappath_dir(struct lxc_container *c, char *snappath); | |
107 | static bool lxcapi_snapshot_destroy_all(struct lxc_container *c); | |
108 | static bool do_lxcapi_save_config(struct lxc_container *c, const char *alt_file); | |
109 | ||
a41f104b SH |
110 | static bool config_file_exists(const char *lxcpath, const char *cname) |
111 | { | |
112 | /* $lxcpath + '/' + $cname + '/config' + \0 */ | |
113 | int ret, len = strlen(lxcpath) + strlen(cname) + 9; | |
114 | char *fname = alloca(len); | |
115 | ||
116 | ret = snprintf(fname, len, "%s/%s/config", lxcpath, cname); | |
117 | if (ret < 0 || ret >= len) | |
118 | return false; | |
119 | ||
120 | return file_exists(fname); | |
121 | } | |
122 | ||
3e625e2d SH |
123 | /* |
124 | * A few functions to help detect when a container creation failed. | |
125 | * If a container creation was killed partway through, then trying | |
126 | * to actually start that container could harm the host. We detect | |
127 | * this by creating a 'partial' file under the container directory, | |
128 | * and keeping an advisory lock. When container creation completes, | |
129 | * we remove that file. When we load or try to start a container, if | |
130 | * we find that file, without a flock, we remove the container. | |
131 | */ | |
74a3920a | 132 | static int ongoing_create(struct lxc_container *c) |
3e625e2d SH |
133 | { |
134 | int len = strlen(c->config_path) + strlen(c->name) + 10; | |
135 | char *path = alloca(len); | |
136 | int fd, ret; | |
93dc5327 SH |
137 | struct flock lk; |
138 | ||
3e625e2d SH |
139 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); |
140 | if (ret < 0 || ret >= len) { | |
141 | ERROR("Error writing partial pathname"); | |
142 | return -1; | |
143 | } | |
144 | ||
145 | if (!file_exists(path)) | |
146 | return 0; | |
025ed0f3 | 147 | fd = open(path, O_RDWR); |
025ed0f3 | 148 | if (fd < 0) { |
3e625e2d SH |
149 | // give benefit of the doubt |
150 | SYSERROR("Error opening partial file"); | |
3e625e2d SH |
151 | return 0; |
152 | } | |
93dc5327 SH |
153 | lk.l_type = F_WRLCK; |
154 | lk.l_whence = SEEK_SET; | |
155 | lk.l_start = 0; | |
156 | lk.l_len = 0; | |
157 | lk.l_pid = -1; | |
158 | if (fcntl(fd, F_GETLK, &lk) == 0 && lk.l_pid != -1) { | |
3e625e2d SH |
159 | // create is still ongoing |
160 | close(fd); | |
3e625e2d SH |
161 | return 1; |
162 | } | |
163 | // create completed but partial is still there. | |
164 | close(fd); | |
3e625e2d SH |
165 | return 2; |
166 | } | |
167 | ||
74a3920a | 168 | static int create_partial(struct lxc_container *c) |
3e625e2d SH |
169 | { |
170 | // $lxcpath + '/' + $name + '/partial' + \0 | |
171 | int len = strlen(c->config_path) + strlen(c->name) + 10; | |
172 | char *path = alloca(len); | |
173 | int fd, ret; | |
93dc5327 SH |
174 | struct flock lk; |
175 | ||
3e625e2d SH |
176 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); |
177 | if (ret < 0 || ret >= len) { | |
178 | ERROR("Error writing partial pathname"); | |
179 | return -1; | |
180 | } | |
93dc5327 | 181 | if ((fd=open(path, O_RDWR | O_CREAT | O_EXCL, 0755)) < 0) { |
740fe426 | 182 | SYSERROR("Error creating partial file"); |
3e625e2d SH |
183 | return -1; |
184 | } | |
93dc5327 SH |
185 | lk.l_type = F_WRLCK; |
186 | lk.l_whence = SEEK_SET; | |
187 | lk.l_start = 0; | |
188 | lk.l_len = 0; | |
189 | if (fcntl(fd, F_SETLKW, &lk) < 0) { | |
3e625e2d SH |
190 | SYSERROR("Error locking partial file %s", path); |
191 | close(fd); | |
3e625e2d SH |
192 | return -1; |
193 | } | |
3e625e2d SH |
194 | |
195 | return fd; | |
196 | } | |
197 | ||
74a3920a | 198 | static void remove_partial(struct lxc_container *c, int fd) |
3e625e2d SH |
199 | { |
200 | // $lxcpath + '/' + $name + '/partial' + \0 | |
201 | int len = strlen(c->config_path) + strlen(c->name) + 10; | |
202 | char *path = alloca(len); | |
203 | int ret; | |
204 | ||
205 | close(fd); | |
206 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); | |
207 | if (ret < 0 || ret >= len) { | |
208 | ERROR("Error writing partial pathname"); | |
209 | return; | |
210 | } | |
3e625e2d SH |
211 | if (unlink(path) < 0) |
212 | SYSERROR("Error unlink partial file %s", path); | |
3e625e2d SH |
213 | } |
214 | ||
72d0e1cb | 215 | /* LOCKING |
3bc449ed SH |
216 | * 1. container_mem_lock(c) protects the struct lxc_container from multiple threads. |
217 | * 2. container_disk_lock(c) protects the on-disk container data - in particular the | |
218 | * container configuration file. | |
219 | * The container_disk_lock also takes the container_mem_lock. | |
220 | * 3. thread_mutex protects process data (ex: fd table) from multiple threads. | |
72d0e1cb SG |
221 | * NOTHING mutexes two independent programs with their own struct |
222 | * lxc_container for the same c->name, between API calls. For instance, | |
223 | * c->config_read(); c->start(); Between those calls, data on disk | |
224 | * could change (which shouldn't bother the caller unless for instance | |
225 | * the rootfs get moved). c->config_read(); update; c->config_write(); | |
226 | * Two such updaters could race. The callers should therefore check their | |
227 | * results. Trying to prevent that would necessarily expose us to deadlocks | |
228 | * due to hung callers. So I prefer to keep the locks only within our own | |
229 | * functions, not across functions. | |
230 | * | |
3bc449ed | 231 | * If you're going to clone while holding a lxccontainer, increment |
72d0e1cb SG |
232 | * c->numthreads (under privlock) before forking. When deleting, |
233 | * decrement numthreads under privlock, then if it hits 0 you can delete. | |
234 | * Do not ever use a lxccontainer whose numthreads you did not bump. | |
235 | */ | |
236 | ||
237 | static void lxc_container_free(struct lxc_container *c) | |
238 | { | |
239 | if (!c) | |
240 | return; | |
241 | ||
f10fad2f ME |
242 | free(c->configfile); |
243 | c->configfile = NULL; | |
244 | free(c->error_string); | |
245 | c->error_string = NULL; | |
d95db067 | 246 | if (c->slock) { |
df271a59 | 247 | lxc_putlock(c->slock); |
d95db067 DE |
248 | c->slock = NULL; |
249 | } | |
72d0e1cb | 250 | if (c->privlock) { |
df271a59 | 251 | lxc_putlock(c->privlock); |
72d0e1cb SG |
252 | c->privlock = NULL; |
253 | } | |
f10fad2f ME |
254 | free(c->name); |
255 | c->name = NULL; | |
d95db067 DE |
256 | if (c->lxc_conf) { |
257 | lxc_conf_free(c->lxc_conf); | |
258 | c->lxc_conf = NULL; | |
259 | } | |
f10fad2f ME |
260 | free(c->config_path); |
261 | c->config_path = NULL; | |
72cf75fa | 262 | |
72d0e1cb SG |
263 | free(c); |
264 | } | |
265 | ||
43d1aa34 SH |
266 | /* |
267 | * Consider the following case: | |
268 | freer | racing get()er | |
269 | ================================================================== | |
270 | lxc_container_put() | lxc_container_get() | |
271 | \ lxclock(c->privlock) | c->numthreads < 1? (no) | |
272 | \ c->numthreads = 0 | \ lxclock(c->privlock) -> waits | |
273 | \ lxcunlock() | \ | |
274 | \ lxc_container_free() | \ lxclock() returns | |
275 | | \ c->numthreads < 1 -> return 0 | |
276 | \ \ (free stuff) | | |
277 | \ \ sem_destroy(privlock) | | |
278 | ||
279 | * When the get()er checks numthreads the first time, one of the following | |
280 | * is true: | |
281 | * 1. freer has set numthreads = 0. get() returns 0 | |
282 | * 2. freer is between lxclock and setting numthreads to 0. get()er will | |
283 | * sem_wait on privlock, get lxclock after freer() drops it, then see | |
284 | * numthreads is 0 and exit without touching lxclock again.. | |
285 | * 3. freer has not yet locked privlock. If get()er runs first, then put()er | |
286 | * will see --numthreads = 1 and not call lxc_container_free(). | |
287 | */ | |
288 | ||
72d0e1cb SG |
289 | int lxc_container_get(struct lxc_container *c) |
290 | { | |
291 | if (!c) | |
292 | return 0; | |
293 | ||
43d1aa34 SH |
294 | // if someone else has already started freeing the container, don't |
295 | // try to take the lock, which may be invalid | |
296 | if (c->numthreads < 1) | |
297 | return 0; | |
298 | ||
5cee8c50 | 299 | if (container_mem_lock(c)) |
72d0e1cb SG |
300 | return 0; |
301 | if (c->numthreads < 1) { | |
302 | // bail without trying to unlock, bc the privlock is now probably | |
303 | // in freed memory | |
304 | return 0; | |
305 | } | |
306 | c->numthreads++; | |
5cee8c50 | 307 | container_mem_unlock(c); |
72d0e1cb SG |
308 | return 1; |
309 | } | |
310 | ||
311 | int lxc_container_put(struct lxc_container *c) | |
312 | { | |
313 | if (!c) | |
314 | return -1; | |
5cee8c50 | 315 | if (container_mem_lock(c)) |
72d0e1cb SG |
316 | return -1; |
317 | if (--c->numthreads < 1) { | |
5cee8c50 | 318 | container_mem_unlock(c); |
72d0e1cb SG |
319 | lxc_container_free(c); |
320 | return 1; | |
321 | } | |
5cee8c50 | 322 | container_mem_unlock(c); |
72d0e1cb SG |
323 | return 0; |
324 | } | |
325 | ||
858377e4 | 326 | static bool do_lxcapi_is_defined(struct lxc_container *c) |
72d0e1cb SG |
327 | { |
328 | struct stat statbuf; | |
329 | bool ret = false; | |
330 | int statret; | |
331 | ||
332 | if (!c) | |
333 | return false; | |
334 | ||
5cee8c50 | 335 | if (container_mem_lock(c)) |
72d0e1cb SG |
336 | return false; |
337 | if (!c->configfile) | |
338 | goto out; | |
339 | statret = stat(c->configfile, &statbuf); | |
340 | if (statret != 0) | |
341 | goto out; | |
342 | ret = true; | |
343 | ||
344 | out: | |
5cee8c50 | 345 | container_mem_unlock(c); |
72d0e1cb SG |
346 | return ret; |
347 | } | |
348 | ||
858377e4 SH |
349 | #define WRAP_API(rettype, fnname) \ |
350 | static rettype fnname(struct lxc_container *c) \ | |
351 | { \ | |
352 | rettype ret; \ | |
8164f0e2 TA |
353 | bool reset_config = false; \ |
354 | \ | |
355 | if (!current_config && c && c->lxc_conf) { \ | |
356 | current_config = c->lxc_conf; \ | |
357 | reset_config = true; \ | |
358 | } \ | |
359 | \ | |
858377e4 | 360 | ret = do_##fnname(c); \ |
8164f0e2 TA |
361 | if (reset_config) \ |
362 | current_config = NULL; \ | |
363 | \ | |
858377e4 SH |
364 | return ret; \ |
365 | } | |
366 | ||
367 | #define WRAP_API_1(rettype, fnname, t1) \ | |
368 | static rettype fnname(struct lxc_container *c, t1 a1) \ | |
369 | { \ | |
370 | rettype ret; \ | |
8164f0e2 TA |
371 | bool reset_config = false; \ |
372 | \ | |
373 | if (!current_config && c && c->lxc_conf) { \ | |
374 | current_config = c->lxc_conf; \ | |
375 | reset_config = true; \ | |
376 | } \ | |
377 | \ | |
858377e4 | 378 | ret = do_##fnname(c, a1); \ |
8164f0e2 TA |
379 | if (reset_config) \ |
380 | current_config = NULL; \ | |
381 | \ | |
858377e4 SH |
382 | return ret; \ |
383 | } | |
384 | ||
385 | #define WRAP_API_2(rettype, fnname, t1, t2) \ | |
386 | static rettype fnname(struct lxc_container *c, t1 a1, t2 a2) \ | |
387 | { \ | |
388 | rettype ret; \ | |
8164f0e2 TA |
389 | bool reset_config = false; \ |
390 | \ | |
391 | if (!current_config && c && c->lxc_conf) { \ | |
392 | current_config = c->lxc_conf; \ | |
393 | reset_config = true; \ | |
394 | } \ | |
395 | \ | |
858377e4 | 396 | ret = do_##fnname(c, a1, a2); \ |
8164f0e2 TA |
397 | if (reset_config) \ |
398 | current_config = NULL; \ | |
399 | \ | |
858377e4 SH |
400 | return ret; \ |
401 | } | |
402 | ||
403 | #define WRAP_API_3(rettype, fnname, t1, t2, t3) \ | |
404 | static rettype fnname(struct lxc_container *c, t1 a1, t2 a2, t3 a3) \ | |
405 | { \ | |
406 | rettype ret; \ | |
8164f0e2 TA |
407 | bool reset_config = false; \ |
408 | \ | |
409 | if (!current_config && c && c->lxc_conf) { \ | |
410 | current_config = c->lxc_conf; \ | |
411 | reset_config = true; \ | |
412 | } \ | |
413 | \ | |
858377e4 | 414 | ret = do_##fnname(c, a1, a2, a3); \ |
8164f0e2 TA |
415 | if (reset_config) \ |
416 | current_config = NULL; \ | |
417 | \ | |
858377e4 SH |
418 | return ret; \ |
419 | } | |
420 | ||
421 | WRAP_API(bool, lxcapi_is_defined) | |
422 | ||
423 | static const char *do_lxcapi_state(struct lxc_container *c) | |
72d0e1cb | 424 | { |
72d0e1cb SG |
425 | lxc_state_t s; |
426 | ||
427 | if (!c) | |
428 | return NULL; | |
13f5be62 | 429 | s = lxc_getstate(c->name, c->config_path); |
39dc698c | 430 | return lxc_state2str(s); |
72d0e1cb SG |
431 | } |
432 | ||
858377e4 SH |
433 | WRAP_API(const char *, lxcapi_state) |
434 | ||
39dc698c | 435 | static bool is_stopped(struct lxc_container *c) |
794dd120 SH |
436 | { |
437 | lxc_state_t s; | |
13f5be62 | 438 | s = lxc_getstate(c->name, c->config_path); |
794dd120 SH |
439 | return (s == STOPPED); |
440 | } | |
441 | ||
858377e4 | 442 | static bool do_lxcapi_is_running(struct lxc_container *c) |
72d0e1cb SG |
443 | { |
444 | const char *s; | |
445 | ||
446 | if (!c) | |
447 | return false; | |
858377e4 | 448 | s = do_lxcapi_state(c); |
72d0e1cb SG |
449 | if (!s || strcmp(s, "STOPPED") == 0) |
450 | return false; | |
451 | return true; | |
452 | } | |
453 | ||
858377e4 SH |
454 | WRAP_API(bool, lxcapi_is_running) |
455 | ||
456 | static bool do_lxcapi_freeze(struct lxc_container *c) | |
72d0e1cb SG |
457 | { |
458 | int ret; | |
459 | if (!c) | |
460 | return false; | |
461 | ||
9123e471 | 462 | ret = lxc_freeze(c->name, c->config_path); |
72d0e1cb SG |
463 | if (ret) |
464 | return false; | |
465 | return true; | |
466 | } | |
467 | ||
858377e4 SH |
468 | WRAP_API(bool, lxcapi_freeze) |
469 | ||
470 | static bool do_lxcapi_unfreeze(struct lxc_container *c) | |
72d0e1cb SG |
471 | { |
472 | int ret; | |
473 | if (!c) | |
474 | return false; | |
475 | ||
9123e471 | 476 | ret = lxc_unfreeze(c->name, c->config_path); |
72d0e1cb SG |
477 | if (ret) |
478 | return false; | |
479 | return true; | |
480 | } | |
481 | ||
858377e4 SH |
482 | WRAP_API(bool, lxcapi_unfreeze) |
483 | ||
484 | static int do_lxcapi_console_getfd(struct lxc_container *c, int *ttynum, int *masterfd) | |
0115f8fd DE |
485 | { |
486 | int ttyfd; | |
487 | if (!c) | |
488 | return -1; | |
489 | ||
b5159817 | 490 | ttyfd = lxc_console_getfd(c, ttynum, masterfd); |
0115f8fd DE |
491 | return ttyfd; |
492 | } | |
493 | ||
858377e4 SH |
494 | WRAP_API_2(int, lxcapi_console_getfd, int *, int *) |
495 | ||
b5159817 DE |
496 | static int lxcapi_console(struct lxc_container *c, int ttynum, int stdinfd, |
497 | int stdoutfd, int stderrfd, int escape) | |
498 | { | |
858377e4 SH |
499 | int ret; |
500 | ||
501 | if (!c) | |
502 | return -1; | |
503 | ||
504 | current_config = c->lxc_conf; | |
505 | ret = lxc_console(c, ttynum, stdinfd, stdoutfd, stderrfd, escape); | |
506 | current_config = NULL; | |
507 | return ret; | |
b5159817 DE |
508 | } |
509 | ||
858377e4 | 510 | static pid_t do_lxcapi_init_pid(struct lxc_container *c) |
72d0e1cb | 511 | { |
72d0e1cb SG |
512 | if (!c) |
513 | return -1; | |
514 | ||
5cee8c50 | 515 | return lxc_cmd_get_init_pid(c->name, c->config_path); |
72d0e1cb SG |
516 | } |
517 | ||
858377e4 SH |
518 | WRAP_API(pid_t, lxcapi_init_pid) |
519 | ||
12a50cc6 | 520 | static bool load_config_locked(struct lxc_container *c, const char *fname) |
8eb5694b SH |
521 | { |
522 | if (!c->lxc_conf) | |
523 | c->lxc_conf = lxc_conf_init(); | |
6b0d5538 SH |
524 | if (!c->lxc_conf) |
525 | return false; | |
d08779d4 SH |
526 | if (lxc_config_read(fname, c->lxc_conf, false) != 0) |
527 | return false; | |
d08779d4 | 528 | return true; |
8eb5694b SH |
529 | } |
530 | ||
858377e4 | 531 | static bool do_lxcapi_load_config(struct lxc_container *c, const char *alt_file) |
72d0e1cb | 532 | { |
39dc698c SH |
533 | bool ret = false, need_disklock = false; |
534 | int lret; | |
12a50cc6 | 535 | const char *fname; |
72d0e1cb SG |
536 | if (!c) |
537 | return false; | |
538 | ||
539 | fname = c->configfile; | |
540 | if (alt_file) | |
541 | fname = alt_file; | |
542 | if (!fname) | |
543 | return false; | |
39dc698c SH |
544 | /* |
545 | * If we're reading something other than the container's config, | |
546 | * we only need to lock the in-memory container. If loading the | |
547 | * container's config file, take the disk lock. | |
548 | */ | |
549 | if (strcmp(fname, c->configfile) == 0) | |
550 | need_disklock = true; | |
551 | ||
552 | if (need_disklock) | |
553 | lret = container_disk_lock(c); | |
554 | else | |
555 | lret = container_mem_lock(c); | |
556 | if (lret) | |
72d0e1cb | 557 | return false; |
39dc698c | 558 | |
8eb5694b | 559 | ret = load_config_locked(c, fname); |
39dc698c SH |
560 | |
561 | if (need_disklock) | |
562 | container_disk_unlock(c); | |
563 | else | |
564 | container_mem_unlock(c); | |
72d0e1cb SG |
565 | return ret; |
566 | } | |
567 | ||
858377e4 SH |
568 | WRAP_API_1(bool, lxcapi_load_config, const char *) |
569 | ||
570 | static bool do_lxcapi_want_daemonize(struct lxc_container *c, bool state) | |
72d0e1cb | 571 | { |
497a2995 | 572 | if (!c || !c->lxc_conf) |
540f932a | 573 | return false; |
f02abefe | 574 | if (container_mem_lock(c)) { |
3bc449ed | 575 | ERROR("Error getting mem lock"); |
540f932a | 576 | return false; |
3bc449ed | 577 | } |
a2739df5 | 578 | c->daemonize = state; |
3bc449ed | 579 | container_mem_unlock(c); |
540f932a | 580 | return true; |
72d0e1cb SG |
581 | } |
582 | ||
858377e4 SH |
583 | WRAP_API_1(bool, lxcapi_want_daemonize, bool) |
584 | ||
585 | static bool do_lxcapi_want_close_all_fds(struct lxc_container *c, bool state) | |
130a1888 ÇO |
586 | { |
587 | if (!c || !c->lxc_conf) | |
49badbbe | 588 | return false; |
130a1888 ÇO |
589 | if (container_mem_lock(c)) { |
590 | ERROR("Error getting mem lock"); | |
49badbbe | 591 | return false; |
130a1888 | 592 | } |
540f932a | 593 | c->lxc_conf->close_all_fds = state; |
130a1888 | 594 | container_mem_unlock(c); |
49badbbe | 595 | return true; |
130a1888 ÇO |
596 | } |
597 | ||
858377e4 SH |
598 | WRAP_API_1(bool, lxcapi_want_close_all_fds, bool) |
599 | ||
600 | static bool do_lxcapi_wait(struct lxc_container *c, const char *state, int timeout) | |
7a44c8b4 SG |
601 | { |
602 | int ret; | |
603 | ||
604 | if (!c) | |
605 | return false; | |
606 | ||
67e571de | 607 | ret = lxc_wait(c->name, state, timeout, c->config_path); |
7a44c8b4 SG |
608 | return ret == 0; |
609 | } | |
610 | ||
858377e4 | 611 | WRAP_API_2(bool, lxcapi_wait, const char *, int) |
7a44c8b4 | 612 | |
858377e4 | 613 | static bool do_wait_on_daemonized_start(struct lxc_container *c, int pid) |
7a44c8b4 SG |
614 | { |
615 | /* we'll probably want to make this timeout configurable? */ | |
697fa639 | 616 | int timeout = 5, ret, status; |
7a44c8b4 | 617 | |
697fa639 SH |
618 | /* |
619 | * our child is going to fork again, then exit. reap the | |
620 | * child | |
621 | */ | |
03f064ff | 622 | ret = waitpid(pid, &status, 0); |
697fa639 SH |
623 | if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) |
624 | DEBUG("failed waiting for first dual-fork child"); | |
858377e4 | 625 | return do_lxcapi_wait(c, "RUNNING", timeout); |
7a44c8b4 SG |
626 | } |
627 | ||
858377e4 SH |
628 | WRAP_API_1(bool, wait_on_daemonized_start, int) |
629 | ||
2d834aa8 SH |
630 | static bool am_single_threaded(void) |
631 | { | |
74f96976 | 632 | struct dirent *direntp; |
2d834aa8 SH |
633 | DIR *dir; |
634 | int count=0; | |
635 | ||
2d834aa8 | 636 | dir = opendir("/proc/self/task"); |
2d834aa8 SH |
637 | if (!dir) { |
638 | INFO("failed to open /proc/self/task"); | |
639 | return false; | |
640 | } | |
641 | ||
74f96976 | 642 | while ((direntp = readdir(dir))) { |
2d834aa8 SH |
643 | if (!direntp) |
644 | break; | |
645 | ||
646 | if (!strcmp(direntp->d_name, ".")) | |
647 | continue; | |
648 | ||
649 | if (!strcmp(direntp->d_name, "..")) | |
650 | continue; | |
651 | if (++count > 1) | |
652 | break; | |
653 | } | |
2d834aa8 | 654 | closedir(dir); |
2d834aa8 SH |
655 | return count == 1; |
656 | } | |
657 | ||
fd51a89b SH |
658 | static void push_arg(char ***argp, char *arg, int *nargs) |
659 | { | |
660 | char **argv; | |
661 | char *copy; | |
662 | ||
663 | do { | |
664 | copy = strdup(arg); | |
665 | } while (!copy); | |
666 | do { | |
667 | argv = realloc(*argp, (*nargs + 2) * sizeof(char *)); | |
668 | } while (!argv); | |
669 | *argp = argv; | |
670 | argv[*nargs] = copy; | |
671 | (*nargs)++; | |
672 | argv[*nargs] = NULL; | |
673 | } | |
674 | ||
675 | static char **split_init_cmd(const char *incmd) | |
676 | { | |
677 | size_t len; | |
678 | int nargs = 0; | |
5590a671 | 679 | char *copy, *p, *saveptr = NULL; |
fd51a89b SH |
680 | char **argv; |
681 | ||
682 | if (!incmd) | |
683 | return NULL; | |
684 | ||
685 | len = strlen(incmd) + 1; | |
686 | copy = alloca(len); | |
687 | strncpy(copy, incmd, len); | |
688 | copy[len-1] = '\0'; | |
689 | ||
690 | do { | |
691 | argv = malloc(sizeof(char *)); | |
692 | } while (!argv); | |
693 | argv[0] = NULL; | |
694 | for (p = strtok_r(copy, " ", &saveptr); p != NULL; | |
695 | p = strtok_r(NULL, " ", &saveptr)) | |
696 | push_arg(&argv, p, &nargs); | |
697 | ||
698 | if (nargs == 0) { | |
699 | free(argv); | |
700 | return NULL; | |
701 | } | |
702 | return argv; | |
703 | } | |
704 | ||
705 | static void free_init_cmd(char **argv) | |
706 | { | |
707 | int i = 0; | |
708 | ||
709 | if (!argv) | |
710 | return; | |
711 | while (argv[i]) | |
712 | free(argv[i++]); | |
713 | free(argv); | |
714 | } | |
715 | ||
858377e4 | 716 | static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const argv[]) |
72d0e1cb SG |
717 | { |
718 | int ret; | |
aa460476 | 719 | struct lxc_handler *handler; |
72d0e1cb | 720 | struct lxc_conf *conf; |
540f932a | 721 | bool daemonize = false; |
6eaac303 | 722 | FILE *pid_fp = NULL; |
72d0e1cb SG |
723 | char *default_args[] = { |
724 | "/sbin/init", | |
13aad0ae | 725 | NULL, |
72d0e1cb | 726 | }; |
fd51a89b | 727 | char **init_cmd = NULL; |
72d0e1cb SG |
728 | |
729 | /* container exists */ | |
730 | if (!c) | |
731 | return false; | |
120146b9 SG |
732 | |
733 | /* If anything fails before we set error_num, we want an error in there */ | |
734 | c->error_num = 1; | |
735 | ||
aa460476 | 736 | /* container has not been setup */ |
72d0e1cb SG |
737 | if (!c->lxc_conf) |
738 | return false; | |
739 | ||
3e625e2d SH |
740 | if ((ret = ongoing_create(c)) < 0) { |
741 | ERROR("Error checking for incomplete creation"); | |
742 | return false; | |
743 | } | |
744 | if (ret == 2) { | |
745 | ERROR("Error: %s creation was not completed", c->name); | |
858377e4 | 746 | do_lxcapi_destroy(c); |
3e625e2d SH |
747 | return false; |
748 | } else if (ret == 1) { | |
749 | ERROR("Error: creation of %s is ongoing", c->name); | |
750 | return false; | |
751 | } | |
752 | ||
72d0e1cb SG |
753 | /* is this app meant to be run through lxcinit, as in lxc-execute? */ |
754 | if (useinit && !argv) | |
755 | return false; | |
756 | ||
5cee8c50 | 757 | if (container_mem_lock(c)) |
72d0e1cb SG |
758 | return false; |
759 | conf = c->lxc_conf; | |
760 | daemonize = c->daemonize; | |
72d0e1cb | 761 | |
aa460476 CB |
762 | /* initialize handler */ |
763 | handler = lxc_init_handler(c->name, conf, c->config_path); | |
dbc9832d | 764 | container_mem_unlock(c); |
aa460476 CB |
765 | if (!handler) |
766 | return false; | |
767 | ||
72d0e1cb | 768 | if (useinit) { |
aa460476 CB |
769 | TRACE("calling \"lxc_execute\""); |
770 | ret = lxc_execute(c->name, argv, 1, handler, c->config_path, | |
771 | daemonize); | |
772 | c->error_num = ret; | |
72d0e1cb SG |
773 | return ret == 0 ? true : false; |
774 | } | |
775 | ||
fd51a89b SH |
776 | /* if no argv was passed in, use lxc.init_cmd if provided in |
777 | * configuration */ | |
778 | if (!argv) | |
779 | argv = init_cmd = split_init_cmd(conf->init_cmd); | |
780 | ||
781 | /* ... and otherwise use default_args */ | |
782 | if (!argv) | |
783 | argv = default_args; | |
72d0e1cb SG |
784 | |
785 | /* | |
786 | * say, I'm not sure - what locks do we want here? Any? | |
787 | * Is liblxc's locking enough here to protect the on disk | |
788 | * container? We don't want to exclude things like lxc_info | |
789 | * while container is running... | |
790 | */ | |
791 | if (daemonize) { | |
0a4be28d | 792 | char title[2048]; |
71454076 | 793 | |
72d0e1cb | 794 | pid_t pid = fork(); |
f2e07cb6 CB |
795 | if (pid < 0) { |
796 | lxc_free_handler(handler); | |
72d0e1cb | 797 | return false; |
f2e07cb6 | 798 | } |
6eaac303 QH |
799 | |
800 | if (pid != 0) { | |
801 | /* Set to NULL because we don't want father unlink | |
802 | * the PID file, child will do the free and unlink. | |
803 | */ | |
804 | c->pidfile = NULL; | |
dbc9832d | 805 | close(handler->conf->maincmd_fd); |
03f064ff | 806 | return wait_on_daemonized_start(c, pid); |
6eaac303 | 807 | } |
025ed0f3 | 808 | |
0a4be28d TA |
809 | /* We don't really care if this doesn't print all the |
810 | * characters; all that it means is that the proctitle will be | |
811 | * ugly. Similarly, we also don't care if setproctitle() | |
812 | * fails. */ | |
813 | snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name); | |
814 | INFO("Attempting to set proc title to %s", title); | |
815 | setproctitle(title); | |
816 | ||
697fa639 SH |
817 | /* second fork to be reparented by init */ |
818 | pid = fork(); | |
819 | if (pid < 0) { | |
820 | SYSERROR("Error doing dual-fork"); | |
13353dc4 | 821 | exit(1); |
697fa639 SH |
822 | } |
823 | if (pid != 0) | |
824 | exit(0); | |
72d0e1cb | 825 | /* like daemon(), chdir to / and redirect 0,1,2 to /dev/null */ |
c278cef2 SH |
826 | if (chdir("/")) { |
827 | SYSERROR("Error chdir()ing to /."); | |
13353dc4 | 828 | exit(1); |
c278cef2 | 829 | } |
aa460476 | 830 | lxc_check_inherited(conf, true, handler->conf->maincmd_fd); |
69aeabac TA |
831 | if (null_stdfds() < 0) { |
832 | ERROR("failed to close fds"); | |
13353dc4 | 833 | exit(1); |
69aeabac | 834 | } |
72d0e1cb | 835 | setsid(); |
2d834aa8 SH |
836 | } else { |
837 | if (!am_single_threaded()) { | |
838 | ERROR("Cannot start non-daemonized container when threaded"); | |
f2e07cb6 | 839 | lxc_free_handler(handler); |
2d834aa8 SH |
840 | return false; |
841 | } | |
72d0e1cb SG |
842 | } |
843 | ||
aa460476 | 844 | /* We need to write PID file after daemonize, so we always |
6eaac303 QH |
845 | * write the right PID. |
846 | */ | |
847 | if (c->pidfile) { | |
848 | pid_fp = fopen(c->pidfile, "w"); | |
849 | if (pid_fp == NULL) { | |
850 | SYSERROR("Failed to create pidfile '%s' for '%s'", | |
851 | c->pidfile, c->name); | |
f2e07cb6 | 852 | lxc_free_handler(handler); |
13353dc4 SH |
853 | if (daemonize) |
854 | exit(1); | |
6eaac303 QH |
855 | return false; |
856 | } | |
857 | ||
858 | if (fprintf(pid_fp, "%d\n", getpid()) < 0) { | |
859 | SYSERROR("Failed to write '%s'", c->pidfile); | |
860 | fclose(pid_fp); | |
861 | pid_fp = NULL; | |
f2e07cb6 | 862 | lxc_free_handler(handler); |
13353dc4 SH |
863 | if (daemonize) |
864 | exit(1); | |
6eaac303 QH |
865 | return false; |
866 | } | |
867 | ||
868 | fclose(pid_fp); | |
869 | pid_fp = NULL; | |
870 | } | |
871 | ||
72d0e1cb | 872 | conf->reboot = 0; |
d2cf4c37 | 873 | |
a8dfe4e0 WB |
874 | /* Unshare the mount namespace if requested */ |
875 | if (conf->monitor_unshare) { | |
876 | if (unshare(CLONE_NEWNS)) { | |
877 | SYSERROR("failed to unshare mount namespace"); | |
f2e07cb6 | 878 | lxc_free_handler(handler); |
a8dfe4e0 WB |
879 | return false; |
880 | } | |
881 | if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) { | |
882 | SYSERROR("Failed to make / rslave at startup"); | |
f2e07cb6 | 883 | lxc_free_handler(handler); |
a8dfe4e0 WB |
884 | return false; |
885 | } | |
886 | } | |
887 | ||
8bee8851 | 888 | reboot: |
aa460476 CB |
889 | if (conf->reboot == 2) { |
890 | /* initialize handler */ | |
891 | handler = lxc_init_handler(c->name, conf, c->config_path); | |
892 | if (!handler) | |
893 | goto out; | |
894 | } | |
895 | ||
896 | if (lxc_check_inherited(conf, daemonize, handler->conf->maincmd_fd)) { | |
d2cf4c37 | 897 | ERROR("Inherited fds found"); |
f2e07cb6 | 898 | lxc_free_handler(handler); |
d2cf4c37 SH |
899 | ret = 1; |
900 | goto out; | |
901 | } | |
902 | ||
aa460476 | 903 | ret = lxc_start(c->name, argv, handler, c->config_path, daemonize); |
d4ef230c | 904 | c->error_num = ret; |
72d0e1cb | 905 | |
8bee8851 | 906 | if (conf->reboot == 1) { |
72d0e1cb | 907 | INFO("container requested reboot"); |
8bee8851 | 908 | conf->reboot = 2; |
72d0e1cb SG |
909 | goto reboot; |
910 | } | |
911 | ||
d2cf4c37 | 912 | out: |
487d8008 QH |
913 | if (c->pidfile) { |
914 | unlink(c->pidfile); | |
915 | free(c->pidfile); | |
916 | c->pidfile = NULL; | |
917 | } | |
fd51a89b SH |
918 | free_init_cmd(init_cmd); |
919 | ||
844f7a38 | 920 | if (daemonize) |
aa460476 CB |
921 | exit(ret == 0 ? true : false); |
922 | return (ret == 0 ? true : false); | |
72d0e1cb SG |
923 | } |
924 | ||
858377e4 SH |
925 | static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv[]) |
926 | { | |
927 | bool ret; | |
928 | current_config = c ? c->lxc_conf : NULL; | |
929 | ret = do_lxcapi_start(c, useinit, argv); | |
930 | current_config = NULL; | |
931 | return ret; | |
932 | } | |
933 | ||
72d0e1cb SG |
934 | /* |
935 | * note there MUST be an ending NULL | |
936 | */ | |
937 | static bool lxcapi_startl(struct lxc_container *c, int useinit, ...) | |
938 | { | |
939 | va_list ap; | |
a0e93eeb | 940 | char **inargs = NULL; |
72d0e1cb SG |
941 | bool bret = false; |
942 | ||
943 | /* container exists */ | |
944 | if (!c) | |
945 | return false; | |
946 | ||
858377e4 SH |
947 | current_config = c->lxc_conf; |
948 | ||
72d0e1cb | 949 | va_start(ap, useinit); |
a0e93eeb | 950 | inargs = lxc_va_arg_list_to_argv(ap, 0, 1); |
72d0e1cb SG |
951 | va_end(ap); |
952 | ||
a0e93eeb CS |
953 | if (!inargs) { |
954 | ERROR("Memory allocation error."); | |
955 | goto out; | |
72d0e1cb SG |
956 | } |
957 | ||
a0e93eeb | 958 | /* pass NULL if no arguments were supplied */ |
858377e4 | 959 | bret = do_lxcapi_start(c, useinit, *inargs ? inargs : NULL); |
72d0e1cb SG |
960 | |
961 | out: | |
962 | if (inargs) { | |
4e03ae57 DE |
963 | char **arg; |
964 | for (arg = inargs; *arg; arg++) | |
965 | free(*arg); | |
72d0e1cb SG |
966 | free(inargs); |
967 | } | |
968 | ||
858377e4 | 969 | current_config = NULL; |
72d0e1cb SG |
970 | return bret; |
971 | } | |
972 | ||
858377e4 | 973 | static bool do_lxcapi_stop(struct lxc_container *c) |
72d0e1cb SG |
974 | { |
975 | int ret; | |
976 | ||
977 | if (!c) | |
978 | return false; | |
979 | ||
ef6e34ee | 980 | ret = lxc_cmd_stop(c->name, c->config_path); |
72d0e1cb | 981 | |
d775f21b | 982 | return ret == 0; |
72d0e1cb SG |
983 | } |
984 | ||
858377e4 SH |
985 | WRAP_API(bool, lxcapi_stop) |
986 | ||
d5752559 SH |
987 | static int do_create_container_dir(const char *path, struct lxc_conf *conf) |
988 | { | |
989 | int ret = -1, lasterr; | |
990 | char *p = alloca(strlen(path)+1); | |
991 | mode_t mask = umask(0002); | |
992 | ret = mkdir(path, 0770); | |
993 | lasterr = errno; | |
994 | umask(mask); | |
995 | errno = lasterr; | |
996 | if (ret) { | |
997 | if (errno == EEXIST) | |
998 | ret = 0; | |
999 | else { | |
1000 | SYSERROR("failed to create container path %s", path); | |
1001 | return -1; | |
1002 | } | |
1003 | } | |
1004 | strcpy(p, path); | |
1005 | if (!lxc_list_empty(&conf->id_map) && chown_mapped_root(p, conf) != 0) { | |
1006 | ERROR("Failed to chown container dir"); | |
1007 | ret = -1; | |
1008 | } | |
1009 | return ret; | |
1010 | } | |
1011 | ||
72d0e1cb SG |
1012 | /* |
1013 | * create the standard expected container dir | |
1014 | */ | |
1015 | static bool create_container_dir(struct lxc_container *c) | |
1016 | { | |
1017 | char *s; | |
1018 | int len, ret; | |
1019 | ||
2a59a681 | 1020 | len = strlen(c->config_path) + strlen(c->name) + 2; |
72d0e1cb SG |
1021 | s = malloc(len); |
1022 | if (!s) | |
1023 | return false; | |
2a59a681 | 1024 | ret = snprintf(s, len, "%s/%s", c->config_path, c->name); |
72d0e1cb SG |
1025 | if (ret < 0 || ret >= len) { |
1026 | free(s); | |
1027 | return false; | |
1028 | } | |
d5752559 | 1029 | ret = do_create_container_dir(s, c->lxc_conf); |
72d0e1cb SG |
1030 | free(s); |
1031 | return ret == 0; | |
1032 | } | |
1033 | ||
1034 | /* | |
1897e3bc SH |
1035 | * do_bdev_create: thin wrapper around bdev_create(). Like bdev_create(), |
1036 | * it returns a mounted bdev on success, NULL on error. | |
72d0e1cb | 1037 | */ |
1897e3bc SH |
1038 | static struct bdev *do_bdev_create(struct lxc_container *c, const char *type, |
1039 | struct bdev_specs *specs) | |
1040 | { | |
1041 | char *dest; | |
1897e3bc SH |
1042 | size_t len; |
1043 | struct bdev *bdev; | |
1044 | int ret; | |
1045 | ||
cd219ae6 SY |
1046 | /* rootfs.path or lxcpath/lxcname/rootfs */ |
1047 | if (c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) == 0) { | |
cf465fe4 SH |
1048 | const char *rpath = c->lxc_conf->rootfs.path; |
1049 | len = strlen(rpath) + 1; | |
cd219ae6 | 1050 | dest = alloca(len); |
cf465fe4 | 1051 | ret = snprintf(dest, len, "%s", rpath); |
cd219ae6 | 1052 | } else { |
858377e4 | 1053 | const char *lxcpath = do_lxcapi_get_config_path(c); |
cd219ae6 SY |
1054 | len = strlen(c->name) + strlen(lxcpath) + 9; |
1055 | dest = alloca(len); | |
1056 | ret = snprintf(dest, len, "%s/%s/rootfs", lxcpath, c->name); | |
1057 | } | |
1897e3bc SH |
1058 | if (ret < 0 || ret >= len) |
1059 | return NULL; | |
1060 | ||
1061 | bdev = bdev_create(dest, type, c->name, specs); | |
d44e88c2 | 1062 | if (!bdev) { |
959aee9c | 1063 | ERROR("Failed to create backing store type %s", type); |
1897e3bc | 1064 | return NULL; |
d44e88c2 SH |
1065 | } |
1066 | ||
858377e4 | 1067 | do_lxcapi_set_config_item(c, "lxc.rootfs", bdev->src); |
39460be8 | 1068 | do_lxcapi_set_config_item(c, "lxc.rootfs.backend", bdev->type); |
cf3ef16d SH |
1069 | |
1070 | /* if we are not root, chown the rootfs dir to root in the | |
1071 | * target uidmap */ | |
1072 | ||
0e6e3a41 | 1073 | if (geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) { |
c4d10a05 | 1074 | if (chown_mapped_root(bdev->dest, c->lxc_conf) < 0) { |
959aee9c | 1075 | ERROR("Error chowning %s to container root", bdev->dest); |
97e9cfa0 | 1076 | suggest_default_idmap(); |
cf3ef16d SH |
1077 | bdev_put(bdev); |
1078 | return NULL; | |
1079 | } | |
1080 | } | |
1081 | ||
1897e3bc SH |
1082 | return bdev; |
1083 | } | |
1084 | ||
96b3cb40 | 1085 | static char *lxcbasename(char *path) |
72d0e1cb | 1086 | { |
96b3cb40 SH |
1087 | char *p = path + strlen(path) - 1; |
1088 | while (*p != '/' && p > path) | |
1089 | p--; | |
1090 | return p; | |
1091 | } | |
72d0e1cb | 1092 | |
69aeabac | 1093 | static bool create_run_template(struct lxc_container *c, char *tpath, bool need_null_stdfds, |
96b3cb40 SH |
1094 | char *const argv[]) |
1095 | { | |
1096 | pid_t pid; | |
72d0e1cb | 1097 | |
72d0e1cb | 1098 | if (!tpath) |
96b3cb40 | 1099 | return true; |
72d0e1cb SG |
1100 | |
1101 | pid = fork(); | |
1102 | if (pid < 0) { | |
959aee9c | 1103 | SYSERROR("failed to fork task for container creation template"); |
96b3cb40 | 1104 | return false; |
72d0e1cb SG |
1105 | } |
1106 | ||
1107 | if (pid == 0) { // child | |
39460be8 | 1108 | char *patharg, *namearg, *rootfsarg; |
1897e3bc | 1109 | struct bdev *bdev = NULL; |
72d0e1cb | 1110 | int i; |
96b3cb40 SH |
1111 | int ret, len, nargs = 0; |
1112 | char **newargv; | |
cf3ef16d | 1113 | struct lxc_conf *conf = c->lxc_conf; |
72d0e1cb | 1114 | |
69aeabac TA |
1115 | if (need_null_stdfds && null_stdfds() < 0) { |
1116 | exit(1); | |
dc23c1c8 | 1117 | } |
1897e3bc | 1118 | |
39460be8 | 1119 | bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL); |
1897e3bc SH |
1120 | if (!bdev) { |
1121 | ERROR("Error opening rootfs"); | |
1122 | exit(1); | |
1123 | } | |
1124 | ||
4de2791f | 1125 | if (geteuid() == 0) { |
cf3ef16d SH |
1126 | if (unshare(CLONE_NEWNS) < 0) { |
1127 | ERROR("error unsharing mounts"); | |
1128 | exit(1); | |
1129 | } | |
4de2791f | 1130 | if (detect_shared_rootfs()) { |
c597baa8 | 1131 | if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) { |
4de2791f SH |
1132 | SYSERROR("Failed to make / rslave to run template"); |
1133 | ERROR("Continuing..."); | |
1134 | } | |
1135 | } | |
1136 | } | |
2659c7cb | 1137 | if (strcmp(bdev->type, "dir") && strcmp(bdev->type, "btrfs")) { |
4de2791f | 1138 | if (geteuid() != 0) { |
2659c7cb | 1139 | ERROR("non-root users can only create btrfs and directory-backed containers"); |
4de2791f SH |
1140 | exit(1); |
1141 | } | |
cf3ef16d SH |
1142 | if (bdev->ops->mount(bdev) < 0) { |
1143 | ERROR("Error mounting rootfs"); | |
1144 | exit(1); | |
1145 | } | |
1146 | } else { // TODO come up with a better way here! | |
f10fad2f | 1147 | free(bdev->dest); |
cf3ef16d | 1148 | bdev->dest = strdup(bdev->src); |
1897e3bc SH |
1149 | } |
1150 | ||
72d0e1cb SG |
1151 | /* |
1152 | * create our new array, pre-pend the template name and | |
1153 | * base args | |
1154 | */ | |
1155 | if (argv) | |
1897e3bc | 1156 | for (nargs = 0; argv[nargs]; nargs++) ; |
6849cb5b | 1157 | nargs += 4; // template, path, rootfs and name args |
cf3ef16d | 1158 | |
72d0e1cb SG |
1159 | newargv = malloc(nargs * sizeof(*newargv)); |
1160 | if (!newargv) | |
1161 | exit(1); | |
96b3cb40 | 1162 | newargv[0] = lxcbasename(tpath); |
72d0e1cb | 1163 | |
2a59a681 | 1164 | len = strlen(c->config_path) + strlen(c->name) + strlen("--path=") + 2; |
72d0e1cb SG |
1165 | patharg = malloc(len); |
1166 | if (!patharg) | |
1167 | exit(1); | |
2a59a681 | 1168 | ret = snprintf(patharg, len, "--path=%s/%s", c->config_path, c->name); |
72d0e1cb SG |
1169 | if (ret < 0 || ret >= len) |
1170 | exit(1); | |
1171 | newargv[1] = patharg; | |
1172 | len = strlen("--name=") + strlen(c->name) + 1; | |
1173 | namearg = malloc(len); | |
1174 | if (!namearg) | |
1175 | exit(1); | |
1176 | ret = snprintf(namearg, len, "--name=%s", c->name); | |
1177 | if (ret < 0 || ret >= len) | |
1178 | exit(1); | |
1179 | newargv[2] = namearg; | |
1180 | ||
1897e3bc SH |
1181 | len = strlen("--rootfs=") + 1 + strlen(bdev->dest); |
1182 | rootfsarg = malloc(len); | |
1183 | if (!rootfsarg) | |
1184 | exit(1); | |
1185 | ret = snprintf(rootfsarg, len, "--rootfs=%s", bdev->dest); | |
1186 | if (ret < 0 || ret >= len) | |
1187 | exit(1); | |
1188 | newargv[3] = rootfsarg; | |
1189 | ||
72d0e1cb SG |
1190 | /* add passed-in args */ |
1191 | if (argv) | |
1897e3bc SH |
1192 | for (i = 4; i < nargs; i++) |
1193 | newargv[i] = argv[i-4]; | |
72d0e1cb SG |
1194 | |
1195 | /* add trailing NULL */ | |
1196 | nargs++; | |
1197 | newargv = realloc(newargv, nargs * sizeof(*newargv)); | |
1198 | if (!newargv) | |
1199 | exit(1); | |
1200 | newargv[nargs - 1] = NULL; | |
1201 | ||
cf3ef16d SH |
1202 | /* |
1203 | * If we're running the template in a mapped userns, then | |
1204 | * we prepend the template command with: | |
1205 | * lxc-usernsexec <-m map1> ... <-m mapn> -- | |
57d116ab SH |
1206 | * and we append "--mapped-uid x", where x is the mapped uid |
1207 | * for our geteuid() | |
cf3ef16d | 1208 | */ |
0e6e3a41 | 1209 | if (!lxc_list_empty(&conf->id_map)) { |
cf3ef16d | 1210 | int n2args = 1; |
57d116ab | 1211 | char txtuid[20]; |
2133f58c | 1212 | char txtgid[20]; |
cf3ef16d SH |
1213 | char **n2 = malloc(n2args * sizeof(*n2)); |
1214 | struct lxc_list *it; | |
1215 | struct id_map *map; | |
1216 | ||
57d116ab SH |
1217 | if (!n2) { |
1218 | SYSERROR("out of memory"); | |
1219 | exit(1); | |
1220 | } | |
cf3ef16d SH |
1221 | newargv[0] = tpath; |
1222 | tpath = "lxc-usernsexec"; | |
1223 | n2[0] = "lxc-usernsexec"; | |
1224 | lxc_list_for_each(it, &conf->id_map) { | |
1225 | map = it->elem; | |
1226 | n2args += 2; | |
57d116ab | 1227 | n2 = realloc(n2, n2args * sizeof(char *)); |
cf3ef16d SH |
1228 | if (!n2) |
1229 | exit(1); | |
1230 | n2[n2args-2] = "-m"; | |
1231 | n2[n2args-1] = malloc(200); | |
1232 | if (!n2[n2args-1]) | |
1233 | exit(1); | |
1234 | ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu", | |
1235 | map->idtype == ID_TYPE_UID ? 'u' : 'g', | |
1236 | map->nsid, map->hostid, map->range); | |
1237 | if (ret < 0 || ret >= 200) | |
1238 | exit(1); | |
1239 | } | |
2133f58c | 1240 | int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID); |
6849cb5b | 1241 | int extraargs = hostid_mapped >= 0 ? 1 : 3; |
57d116ab | 1242 | n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *)); |
cf3ef16d SH |
1243 | if (!n2) |
1244 | exit(1); | |
57d116ab | 1245 | if (hostid_mapped < 0) { |
339efad9 | 1246 | hostid_mapped = find_unmapped_nsid(conf, ID_TYPE_UID); |
cf3ef16d | 1247 | n2[n2args++] = "-m"; |
57d116ab | 1248 | if (hostid_mapped < 0) { |
cf3ef16d SH |
1249 | ERROR("Could not find free uid to map"); |
1250 | exit(1); | |
1251 | } | |
1252 | n2[n2args++] = malloc(200); | |
1253 | if (!n2[n2args-1]) { | |
1254 | SYSERROR("out of memory"); | |
1255 | exit(1); | |
1256 | } | |
1257 | ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1", | |
57d116ab | 1258 | hostid_mapped, geteuid()); |
cf3ef16d SH |
1259 | if (ret < 0 || ret >= 200) { |
1260 | ERROR("string too long"); | |
1261 | exit(1); | |
1262 | } | |
1263 | } | |
2133f58c SH |
1264 | int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID); |
1265 | extraargs = hostgid_mapped >= 0 ? 1 : 3; | |
1266 | n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *)); | |
1267 | if (!n2) | |
1268 | exit(1); | |
1269 | if (hostgid_mapped < 0) { | |
339efad9 | 1270 | hostgid_mapped = find_unmapped_nsid(conf, ID_TYPE_GID); |
2133f58c SH |
1271 | n2[n2args++] = "-m"; |
1272 | if (hostgid_mapped < 0) { | |
1273 | ERROR("Could not find free uid to map"); | |
1274 | exit(1); | |
1275 | } | |
1276 | n2[n2args++] = malloc(200); | |
1277 | if (!n2[n2args-1]) { | |
1278 | SYSERROR("out of memory"); | |
1279 | exit(1); | |
1280 | } | |
1281 | ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1", | |
1282 | hostgid_mapped, getegid()); | |
1283 | if (ret < 0 || ret >= 200) { | |
1284 | ERROR("string too long"); | |
1285 | exit(1); | |
1286 | } | |
1287 | } | |
cf3ef16d SH |
1288 | n2[n2args++] = "--"; |
1289 | for (i = 0; i < nargs; i++) | |
1290 | n2[i + n2args] = newargv[i]; | |
57d116ab SH |
1291 | n2args += nargs; |
1292 | // Finally add "--mapped-uid $uid" to tell template what to chown | |
1293 | // cached images to | |
2133f58c | 1294 | n2args += 4; |
57d116ab SH |
1295 | n2 = realloc(n2, n2args * sizeof(char *)); |
1296 | if (!n2) { | |
1297 | SYSERROR("out of memory"); | |
1298 | exit(1); | |
1299 | } | |
1300 | // note n2[n2args-1] is NULL | |
2133f58c | 1301 | n2[n2args-5] = "--mapped-uid"; |
57d116ab | 1302 | snprintf(txtuid, 20, "%d", hostid_mapped); |
2133f58c SH |
1303 | n2[n2args-4] = txtuid; |
1304 | n2[n2args-3] = "--mapped-gid"; | |
1305 | snprintf(txtgid, 20, "%d", hostgid_mapped); | |
1306 | n2[n2args-2] = txtgid; | |
57d116ab | 1307 | n2[n2args-1] = NULL; |
cf3ef16d SH |
1308 | free(newargv); |
1309 | newargv = n2; | |
1310 | } | |
72d0e1cb | 1311 | /* execute */ |
cf3ef16d | 1312 | execvp(tpath, newargv); |
72d0e1cb SG |
1313 | SYSERROR("failed to execute template %s", tpath); |
1314 | exit(1); | |
1315 | } | |
1316 | ||
9be53773 | 1317 | if (wait_for_pid(pid) != 0) { |
959aee9c | 1318 | ERROR("container creation template for %s failed", c->name); |
96b3cb40 SH |
1319 | return false; |
1320 | } | |
1321 | ||
1322 | return true; | |
1323 | } | |
1324 | ||
74a3920a | 1325 | static bool prepend_lxc_header(char *path, const char *t, char *const argv[]) |
3ce74686 | 1326 | { |
1fd9bd50 | 1327 | long flen; |
b4569e93 | 1328 | char *contents; |
3ce74686 | 1329 | FILE *f; |
025ed0f3 | 1330 | int ret = -1; |
52026772 | 1331 | #if HAVE_LIBGNUTLS |
025ed0f3 | 1332 | int i; |
3ce74686 | 1333 | unsigned char md_value[SHA_DIGEST_LENGTH]; |
b4569e93 | 1334 | char *tpath; |
52026772 | 1335 | #endif |
3ce74686 | 1336 | |
025ed0f3 | 1337 | f = fopen(path, "r"); |
025ed0f3 | 1338 | if (f == NULL) |
3ce74686 | 1339 | return false; |
025ed0f3 SH |
1340 | |
1341 | if (fseek(f, 0, SEEK_END) < 0) | |
1342 | goto out_error; | |
1343 | if ((flen = ftell(f)) < 0) | |
1344 | goto out_error; | |
1345 | if (fseek(f, 0, SEEK_SET) < 0) | |
1346 | goto out_error; | |
1347 | if ((contents = malloc(flen + 1)) == NULL) | |
1348 | goto out_error; | |
1349 | if (fread(contents, 1, flen, f) != flen) | |
1350 | goto out_free_contents; | |
1351 | ||
3ce74686 | 1352 | contents[flen] = '\0'; |
025ed0f3 | 1353 | ret = fclose(f); |
025ed0f3 SH |
1354 | f = NULL; |
1355 | if (ret < 0) | |
1356 | goto out_free_contents; | |
3ce74686 | 1357 | |
b4569e93 | 1358 | #if HAVE_LIBGNUTLS |
01efd4d3 | 1359 | tpath = get_template_path(t); |
85db5535 | 1360 | if (!tpath) { |
959aee9c | 1361 | ERROR("bad template: %s", t); |
025ed0f3 | 1362 | goto out_free_contents; |
3ce74686 SH |
1363 | } |
1364 | ||
85db5535 DE |
1365 | ret = sha1sum_file(tpath, md_value); |
1366 | if (ret < 0) { | |
1367 | ERROR("Error getting sha1sum of %s", tpath); | |
3ce74686 | 1368 | free(tpath); |
85db5535 | 1369 | goto out_free_contents; |
3ce74686 | 1370 | } |
85db5535 | 1371 | free(tpath); |
3ce74686 SH |
1372 | #endif |
1373 | ||
025ed0f3 | 1374 | f = fopen(path, "w"); |
025ed0f3 | 1375 | if (f == NULL) { |
3ce74686 SH |
1376 | SYSERROR("reopening config for writing"); |
1377 | free(contents); | |
1378 | return false; | |
1379 | } | |
1380 | fprintf(f, "# Template used to create this container: %s\n", t); | |
1381 | if (argv) { | |
1382 | fprintf(f, "# Parameters passed to the template:"); | |
1383 | while (*argv) { | |
1384 | fprintf(f, " %s", *argv); | |
1385 | argv++; | |
1386 | } | |
1387 | fprintf(f, "\n"); | |
1388 | } | |
1389 | #if HAVE_LIBGNUTLS | |
56698177 SH |
1390 | fprintf(f, "# Template script checksum (SHA-1): "); |
1391 | for (i=0; i<SHA_DIGEST_LENGTH; i++) | |
1392 | fprintf(f, "%02x", md_value[i]); | |
1393 | fprintf(f, "\n"); | |
3ce74686 | 1394 | #endif |
0520c252 | 1395 | fprintf(f, "# For additional config options, please look at lxc.container.conf(5)\n"); |
49a2ed80 SH |
1396 | fprintf(f, "\n# Uncomment the following line to support nesting containers:\n"); |
1397 | fprintf(f, "#lxc.include = " LXCTEMPLATECONFIG "/nesting.conf\n"); | |
1398 | fprintf(f, "# (Be aware this has security implications)\n\n"); | |
3ce74686 SH |
1399 | if (fwrite(contents, 1, flen, f) != flen) { |
1400 | SYSERROR("Writing original contents"); | |
1401 | free(contents); | |
1402 | fclose(f); | |
1403 | return false; | |
1404 | } | |
025ed0f3 SH |
1405 | ret = 0; |
1406 | out_free_contents: | |
3ce74686 | 1407 | free(contents); |
025ed0f3 SH |
1408 | out_error: |
1409 | if (f) { | |
1410 | int newret; | |
025ed0f3 | 1411 | newret = fclose(f); |
025ed0f3 SH |
1412 | if (ret == 0) |
1413 | ret = newret; | |
1414 | } | |
1415 | if (ret < 0) { | |
1416 | SYSERROR("Error prepending header"); | |
3ce74686 SH |
1417 | return false; |
1418 | } | |
1419 | return true; | |
1420 | } | |
1421 | ||
4df7f012 SH |
1422 | static void lxcapi_clear_config(struct lxc_container *c) |
1423 | { | |
f979ac15 SH |
1424 | if (c) { |
1425 | if (c->lxc_conf) { | |
1426 | lxc_conf_free(c->lxc_conf); | |
1427 | c->lxc_conf = NULL; | |
1428 | } | |
4df7f012 SH |
1429 | } |
1430 | } | |
1431 | ||
858377e4 SH |
1432 | #define do_lxcapi_clear_config(c) lxcapi_clear_config(c) |
1433 | ||
96b3cb40 SH |
1434 | /* |
1435 | * lxcapi_create: | |
1436 | * create a container with the given parameters. | |
1437 | * @c: container to be created. It has the lxcpath, name, and a starting | |
1438 | * configuration already set | |
1439 | * @t: the template to execute to instantiate the root filesystem and | |
1440 | * adjust the configuration. | |
1441 | * @bdevtype: backing store type to use. If NULL, dir will be used. | |
1442 | * @specs: additional parameters for the backing store, i.e. LVM vg to | |
1443 | * use. | |
1444 | * | |
1445 | * @argv: the arguments to pass to the template, terminated by NULL. If no | |
1446 | * arguments, you can just pass NULL. | |
1447 | */ | |
858377e4 | 1448 | static bool do_lxcapi_create(struct lxc_container *c, const char *t, |
dc23c1c8 | 1449 | const char *bdevtype, struct bdev_specs *specs, int flags, |
96b3cb40 SH |
1450 | char *const argv[]) |
1451 | { | |
a69aad27 | 1452 | bool ret = false; |
96b3cb40 | 1453 | pid_t pid; |
85db5535 | 1454 | char *tpath = NULL; |
cbee8106 | 1455 | int partial_fd; |
96b3cb40 SH |
1456 | |
1457 | if (!c) | |
1458 | return false; | |
1459 | ||
85db5535 DE |
1460 | if (t) { |
1461 | tpath = get_template_path(t); | |
1462 | if (!tpath) { | |
959aee9c | 1463 | ERROR("bad template: %s", t); |
85db5535 DE |
1464 | goto out; |
1465 | } | |
96b3cb40 SH |
1466 | } |
1467 | ||
cf465fe4 SH |
1468 | /* |
1469 | * If a template is passed in, and the rootfs already is defined in | |
1470 | * the container config and exists, then * caller is trying to create | |
1471 | * an existing container. Return an error, but do NOT delete the | |
1472 | * container. | |
1473 | */ | |
858377e4 | 1474 | if (do_lxcapi_is_defined(c) && c->lxc_conf && c->lxc_conf->rootfs.path && |
cf465fe4 SH |
1475 | access(c->lxc_conf->rootfs.path, F_OK) == 0 && tpath) { |
1476 | ERROR("Container %s:%s already exists", c->config_path, c->name); | |
6c6892b5 | 1477 | goto free_tpath; |
cf465fe4 SH |
1478 | } |
1479 | ||
6c6892b5 | 1480 | if (!c->lxc_conf) { |
858377e4 | 1481 | if (!do_lxcapi_load_config(c, lxc_global_config_value("lxc.default_config"))) { |
959aee9c | 1482 | ERROR("Error loading default configuration file %s", lxc_global_config_value("lxc.default_config")); |
6c6892b5 DE |
1483 | goto free_tpath; |
1484 | } | |
96b3cb40 SH |
1485 | } |
1486 | ||
6c6892b5 DE |
1487 | if (!create_container_dir(c)) |
1488 | goto free_tpath; | |
1489 | ||
0590e82c | 1490 | /* |
0590e82c SH |
1491 | * if both template and rootfs.path are set, template is setup as rootfs.path. |
1492 | * container is already created if we have a config and rootfs.path is accessible | |
1493 | */ | |
00370edd DW |
1494 | if (!c->lxc_conf->rootfs.path && !tpath) { |
1495 | /* no template passed in and rootfs does not exist */ | |
1496 | if (!c->save_config(c, NULL)) { | |
1497 | ERROR("failed to save starting configuration for %s\n", c->name); | |
1498 | goto out; | |
1499 | } | |
1500 | ret = true; | |
0590e82c | 1501 | goto out; |
00370edd | 1502 | } |
0590e82c SH |
1503 | if (c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) != 0) |
1504 | /* rootfs passed into configuration, but does not exist: error */ | |
1505 | goto out; | |
858377e4 | 1506 | if (do_lxcapi_is_defined(c) && c->lxc_conf->rootfs.path && !tpath) { |
0590e82c SH |
1507 | /* Rootfs already existed, user just wanted to save the |
1508 | * loaded configuration */ | |
0f4cdd77 DW |
1509 | if (!c->save_config(c, NULL)) |
1510 | ERROR("failed to save starting configuration for %s\n", c->name); | |
0590e82c SH |
1511 | ret = true; |
1512 | goto out; | |
a69aad27 | 1513 | } |
96b3cb40 SH |
1514 | |
1515 | /* Mark that this container is being created */ | |
1516 | if ((partial_fd = create_partial(c)) < 0) | |
1517 | goto out; | |
1518 | ||
1519 | /* no need to get disk lock bc we have the partial locked */ | |
1520 | ||
1521 | /* | |
1522 | * Create the backing store | |
1523 | * Note we can't do this in the same task as we use to execute the | |
1524 | * template because of the way zfs works. | |
1525 | * After you 'zfs create', zfs mounts the fs only in the initial | |
1526 | * namespace. | |
1527 | */ | |
1528 | pid = fork(); | |
1529 | if (pid < 0) { | |
959aee9c | 1530 | SYSERROR("failed to fork task for container creation template"); |
8eb5694b SH |
1531 | goto out_unlock; |
1532 | } | |
1533 | ||
96b3cb40 SH |
1534 | if (pid == 0) { // child |
1535 | struct bdev *bdev = NULL; | |
1536 | ||
1537 | if (!(bdev = do_bdev_create(c, bdevtype, specs))) { | |
1538 | ERROR("Error creating backing store type %s for %s", | |
1539 | bdevtype ? bdevtype : "(none)", c->name); | |
1540 | exit(1); | |
1541 | } | |
1542 | ||
1543 | /* save config file again to store the new rootfs location */ | |
858377e4 | 1544 | if (!do_lxcapi_save_config(c, NULL)) { |
959aee9c | 1545 | ERROR("failed to save starting configuration for %s", c->name); |
96b3cb40 SH |
1546 | // parent task won't see bdev in config so we delete it |
1547 | bdev->ops->umount(bdev); | |
1548 | bdev->ops->destroy(bdev); | |
1549 | exit(1); | |
1550 | } | |
1551 | exit(0); | |
1552 | } | |
1553 | if (wait_for_pid(pid) != 0) | |
a09295f8 | 1554 | goto out_unlock; |
96b3cb40 SH |
1555 | |
1556 | /* reload config to get the rootfs */ | |
a3b47c09 | 1557 | lxc_conf_free(c->lxc_conf); |
96b3cb40 SH |
1558 | c->lxc_conf = NULL; |
1559 | if (!load_config_locked(c, c->configfile)) | |
a09295f8 | 1560 | goto out_unlock; |
96b3cb40 | 1561 | |
dc23c1c8 | 1562 | if (!create_run_template(c, tpath, !!(flags & LXC_CREATE_QUIET), argv)) |
96b3cb40 SH |
1563 | goto out_unlock; |
1564 | ||
8eb5694b SH |
1565 | // now clear out the lxc_conf we have, reload from the created |
1566 | // container | |
858377e4 | 1567 | do_lxcapi_clear_config(c); |
3ce74686 | 1568 | |
9d65a487 KY |
1569 | if (t) { |
1570 | if (!prepend_lxc_header(c->configfile, tpath, argv)) { | |
1571 | ERROR("Error prepending header to configuration file"); | |
1572 | goto out_unlock; | |
1573 | } | |
3ce74686 | 1574 | } |
a69aad27 | 1575 | ret = load_config_locked(c, c->configfile); |
72d0e1cb SG |
1576 | |
1577 | out_unlock: | |
3e625e2d SH |
1578 | if (partial_fd >= 0) |
1579 | remove_partial(c, partial_fd); | |
72d0e1cb | 1580 | out: |
c55d4505 | 1581 | if (!ret) |
18aa217b | 1582 | container_destroy(c); |
6c6892b5 | 1583 | free_tpath: |
f10fad2f | 1584 | free(tpath); |
a69aad27 | 1585 | return ret; |
72d0e1cb SG |
1586 | } |
1587 | ||
858377e4 SH |
1588 | static bool lxcapi_create(struct lxc_container *c, const char *t, |
1589 | const char *bdevtype, struct bdev_specs *specs, int flags, | |
1590 | char *const argv[]) | |
1591 | { | |
1592 | bool ret; | |
1593 | current_config = c ? c->lxc_conf : NULL; | |
1594 | ret = do_lxcapi_create(c, t, bdevtype, specs, flags, argv); | |
1595 | current_config = NULL; | |
1596 | return ret; | |
1597 | } | |
1598 | ||
1599 | static bool do_lxcapi_reboot(struct lxc_container *c) | |
3e625e2d SH |
1600 | { |
1601 | pid_t pid; | |
dd267776 | 1602 | int rebootsignal = SIGINT; |
3e625e2d SH |
1603 | |
1604 | if (!c) | |
1605 | return false; | |
858377e4 | 1606 | if (!do_lxcapi_is_running(c)) |
3e625e2d | 1607 | return false; |
858377e4 | 1608 | pid = do_lxcapi_init_pid(c); |
3e625e2d SH |
1609 | if (pid <= 0) |
1610 | return false; | |
dd267776 BP |
1611 | if (c->lxc_conf && c->lxc_conf->rebootsignal) |
1612 | rebootsignal = c->lxc_conf->rebootsignal; | |
591614a7 CB |
1613 | if (kill(pid, rebootsignal) < 0) { |
1614 | WARN("Could not send signal %d to pid %d.", rebootsignal, pid); | |
3e625e2d | 1615 | return false; |
591614a7 | 1616 | } |
3e625e2d SH |
1617 | return true; |
1618 | ||
1619 | } | |
1620 | ||
858377e4 SH |
1621 | WRAP_API(bool, lxcapi_reboot) |
1622 | ||
1623 | static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout) | |
72d0e1cb SG |
1624 | { |
1625 | bool retv; | |
1626 | pid_t pid; | |
f0f1d8c0 | 1627 | int haltsignal = SIGPWR; |
72d0e1cb SG |
1628 | |
1629 | if (!c) | |
1630 | return false; | |
1631 | ||
858377e4 | 1632 | if (!do_lxcapi_is_running(c)) |
72d0e1cb | 1633 | return true; |
858377e4 | 1634 | pid = do_lxcapi_init_pid(c); |
72d0e1cb SG |
1635 | if (pid <= 0) |
1636 | return true; | |
330ae3d3 CB |
1637 | |
1638 | /* Detect whether we should send SIGRTMIN + 3 (e.g. systemd). */ | |
1639 | if (task_blocking_signal(pid, (SIGRTMIN + 3))) | |
1640 | haltsignal = (SIGRTMIN + 3); | |
1641 | ||
b0227444 | 1642 | if (c->lxc_conf && c->lxc_conf->haltsignal) |
f0f1d8c0 | 1643 | haltsignal = c->lxc_conf->haltsignal; |
330ae3d3 CB |
1644 | |
1645 | INFO("Using signal number '%d' as halt signal.", haltsignal); | |
1646 | ||
591614a7 CB |
1647 | if (kill(pid, haltsignal) < 0) |
1648 | WARN("Could not send signal %d to pid %d.", haltsignal, pid); | |
1649 | ||
858377e4 | 1650 | retv = do_lxcapi_wait(c, "STOPPED", timeout); |
72d0e1cb SG |
1651 | return retv; |
1652 | } | |
1653 | ||
858377e4 SH |
1654 | WRAP_API_1(bool, lxcapi_shutdown, int) |
1655 | ||
1897e3bc | 1656 | static bool lxcapi_createl(struct lxc_container *c, const char *t, |
dc23c1c8 | 1657 | const char *bdevtype, struct bdev_specs *specs, int flags, ...) |
72d0e1cb SG |
1658 | { |
1659 | bool bret = false; | |
a0e93eeb | 1660 | char **args = NULL; |
72d0e1cb | 1661 | va_list ap; |
72d0e1cb SG |
1662 | |
1663 | if (!c) | |
1664 | return false; | |
1665 | ||
858377e4 SH |
1666 | current_config = c->lxc_conf; |
1667 | ||
72d0e1cb SG |
1668 | /* |
1669 | * since we're going to wait for create to finish, I don't think we | |
1670 | * need to get a copy of the arguments. | |
1671 | */ | |
dc23c1c8 | 1672 | va_start(ap, flags); |
a0e93eeb | 1673 | args = lxc_va_arg_list_to_argv(ap, 0, 0); |
72d0e1cb | 1674 | va_end(ap); |
a0e93eeb CS |
1675 | if (!args) { |
1676 | ERROR("Memory allocation error."); | |
1677 | goto out; | |
1678 | } | |
72d0e1cb | 1679 | |
858377e4 | 1680 | bret = do_lxcapi_create(c, t, bdevtype, specs, flags, args); |
72d0e1cb SG |
1681 | |
1682 | out: | |
a0e93eeb | 1683 | free(args); |
858377e4 | 1684 | current_config = NULL; |
72d0e1cb SG |
1685 | return bret; |
1686 | } | |
1687 | ||
6b0d5538 SH |
1688 | static void do_clear_unexp_config_line(struct lxc_conf *conf, const char *key) |
1689 | { | |
1690 | if (strcmp(key, "lxc.cgroup") == 0) | |
1691 | clear_unexp_config_line(conf, key, true); | |
1692 | else if (strcmp(key, "lxc.network") == 0) | |
1693 | clear_unexp_config_line(conf, key, true); | |
1694 | else if (strcmp(key, "lxc.hook") == 0) | |
1695 | clear_unexp_config_line(conf, key, true); | |
1696 | else | |
1697 | clear_unexp_config_line(conf, key, false); | |
1698 | if (!do_append_unexp_config_line(conf, key, "")) | |
1699 | WARN("Error clearing configuration for %s", key); | |
1700 | } | |
1701 | ||
6afd673f CB |
1702 | static bool do_lxcapi_clear_config_item(struct lxc_container *c, |
1703 | const char *key) | |
72d0e1cb | 1704 | { |
6afd673f CB |
1705 | int ret = 1; |
1706 | struct lxc_config_t *config; | |
72d0e1cb SG |
1707 | |
1708 | if (!c || !c->lxc_conf) | |
1709 | return false; | |
6afd673f | 1710 | |
5cee8c50 | 1711 | if (container_mem_lock(c)) |
72d0e1cb | 1712 | return false; |
6afd673f CB |
1713 | |
1714 | config = lxc_getconfig(key); | |
1715 | /* Verify that the config key exists and that it has a callback | |
1716 | * implemented. | |
1717 | */ | |
1718 | if (config && config->clr) | |
1719 | ret = config->clr(key, c->lxc_conf); | |
6b0d5538 SH |
1720 | if (!ret) |
1721 | do_clear_unexp_config_line(c->lxc_conf, key); | |
6afd673f | 1722 | |
5cee8c50 | 1723 | container_mem_unlock(c); |
72d0e1cb SG |
1724 | return ret == 0; |
1725 | } | |
1726 | ||
858377e4 SH |
1727 | WRAP_API_1(bool, lxcapi_clear_config_item, const char *) |
1728 | ||
e0f59189 | 1729 | static inline bool enter_net_ns(struct lxc_container *c) |
51d0854c | 1730 | { |
858377e4 | 1731 | pid_t pid = do_lxcapi_init_pid(c); |
ae22a220 | 1732 | |
0e6e3a41 | 1733 | if ((geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) && access("/proc/self/ns/user", F_OK) == 0) { |
51d0854c DY |
1734 | if (!switch_to_ns(pid, "user")) |
1735 | return false; | |
9c83a661 | 1736 | } |
51d0854c | 1737 | return switch_to_ns(pid, "net"); |
799f29ab ÇO |
1738 | } |
1739 | ||
9c88ff1f ÇO |
1740 | // used by qsort and bsearch functions for comparing names |
1741 | static inline int string_cmp(char **first, char **second) | |
1742 | { | |
1743 | return strcmp(*first, *second); | |
1744 | } | |
1745 | ||
1746 | // used by qsort and bsearch functions for comparing container names | |
1747 | static inline int container_cmp(struct lxc_container **first, struct lxc_container **second) | |
1748 | { | |
1749 | return strcmp((*first)->name, (*second)->name); | |
1750 | } | |
1751 | ||
1752 | static bool add_to_array(char ***names, char *cname, int pos) | |
1753 | { | |
1754 | char **newnames = realloc(*names, (pos+1) * sizeof(char *)); | |
1755 | if (!newnames) { | |
1756 | ERROR("Out of memory"); | |
1757 | return false; | |
1758 | } | |
1759 | ||
1760 | *names = newnames; | |
1761 | newnames[pos] = strdup(cname); | |
1762 | if (!newnames[pos]) | |
1763 | return false; | |
1764 | ||
1765 | // sort the arrray as we will use binary search on it | |
1766 | qsort(newnames, pos + 1, sizeof(char *), (int (*)(const void *,const void *))string_cmp); | |
1767 | ||
1768 | return true; | |
1769 | } | |
1770 | ||
2871830a | 1771 | static bool add_to_clist(struct lxc_container ***list, struct lxc_container *c, int pos, bool sort) |
9c88ff1f ÇO |
1772 | { |
1773 | struct lxc_container **newlist = realloc(*list, (pos+1) * sizeof(struct lxc_container *)); | |
1774 | if (!newlist) { | |
1775 | ERROR("Out of memory"); | |
1776 | return false; | |
1777 | } | |
1778 | ||
1779 | *list = newlist; | |
1780 | newlist[pos] = c; | |
1781 | ||
1782 | // sort the arrray as we will use binary search on it | |
2871830a DE |
1783 | if (sort) |
1784 | qsort(newlist, pos + 1, sizeof(struct lxc_container *), (int (*)(const void *,const void *))container_cmp); | |
9c88ff1f ÇO |
1785 | |
1786 | return true; | |
1787 | } | |
1788 | ||
1789 | static char** get_from_array(char ***names, char *cname, int size) | |
1790 | { | |
1791 | return (char **)bsearch(&cname, *names, size, sizeof(char *), (int (*)(const void *, const void *))string_cmp); | |
1792 | } | |
1793 | ||
1794 | ||
1795 | static bool array_contains(char ***names, char *cname, int size) { | |
1796 | if(get_from_array(names, cname, size) != NULL) | |
1797 | return true; | |
1798 | return false; | |
1799 | } | |
1800 | ||
1801 | static bool remove_from_array(char ***names, char *cname, int size) | |
1802 | { | |
1803 | char **result = get_from_array(names, cname, size); | |
1804 | if (result != NULL) { | |
1805 | free(result); | |
1806 | return true; | |
1807 | } | |
1808 | return false; | |
1809 | } | |
1810 | ||
858377e4 | 1811 | static char ** do_lxcapi_get_interfaces(struct lxc_container *c) |
799f29ab | 1812 | { |
ae22a220 ÇO |
1813 | pid_t pid; |
1814 | int i, count = 0, pipefd[2]; | |
9c88ff1f | 1815 | char **interfaces = NULL; |
ae22a220 | 1816 | char interface[IFNAMSIZ]; |
799f29ab | 1817 | |
ae22a220 ÇO |
1818 | if(pipe(pipefd) < 0) { |
1819 | SYSERROR("pipe failed"); | |
1820 | return NULL; | |
c868b261 ÇO |
1821 | } |
1822 | ||
ae22a220 ÇO |
1823 | pid = fork(); |
1824 | if (pid < 0) { | |
959aee9c | 1825 | SYSERROR("failed to fork task to get interfaces information"); |
ae22a220 ÇO |
1826 | close(pipefd[0]); |
1827 | close(pipefd[1]); | |
1828 | return NULL; | |
1829 | } | |
799f29ab | 1830 | |
ae22a220 ÇO |
1831 | if (pid == 0) { // child |
1832 | int ret = 1, nbytes; | |
1833 | struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; | |
1834 | ||
1835 | /* close the read-end of the pipe */ | |
1836 | close(pipefd[0]); | |
1837 | ||
e0f59189 | 1838 | if (!enter_net_ns(c)) { |
ae22a220 ÇO |
1839 | SYSERROR("failed to enter namespace"); |
1840 | goto out; | |
1841 | } | |
1842 | ||
1843 | /* Grab the list of interfaces */ | |
1844 | if (getifaddrs(&interfaceArray)) { | |
1845 | SYSERROR("failed to get interfaces list"); | |
1846 | goto out; | |
1847 | } | |
1848 | ||
1849 | /* Iterate through the interfaces */ | |
1850 | for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) { | |
1851 | nbytes = write(pipefd[1], tempIfAddr->ifa_name, IFNAMSIZ); | |
1852 | if (nbytes < 0) { | |
1853 | ERROR("write failed"); | |
1854 | goto out; | |
1855 | } | |
1856 | count++; | |
1857 | } | |
1858 | ret = 0; | |
1859 | ||
1860 | out: | |
1861 | if (interfaceArray) | |
1862 | freeifaddrs(interfaceArray); | |
1863 | ||
1864 | /* close the write-end of the pipe, thus sending EOF to the reader */ | |
1865 | close(pipefd[1]); | |
1866 | exit(ret); | |
799f29ab ÇO |
1867 | } |
1868 | ||
ae22a220 ÇO |
1869 | /* close the write-end of the pipe */ |
1870 | close(pipefd[1]); | |
1871 | ||
358afd84 | 1872 | while (read(pipefd[0], &interface, IFNAMSIZ) == IFNAMSIZ) { |
ae22a220 ÇO |
1873 | if (array_contains(&interfaces, interface, count)) |
1874 | continue; | |
799f29ab | 1875 | |
ae22a220 ÇO |
1876 | if(!add_to_array(&interfaces, interface, count)) |
1877 | ERROR("PARENT: add_to_array failed"); | |
9c88ff1f ÇO |
1878 | count++; |
1879 | } | |
799f29ab | 1880 | |
ae22a220 ÇO |
1881 | if (wait_for_pid(pid) != 0) { |
1882 | for(i=0;i<count;i++) | |
1883 | free(interfaces[i]); | |
1884 | free(interfaces); | |
1885 | interfaces = NULL; | |
1886 | } | |
9c88ff1f | 1887 | |
ae22a220 ÇO |
1888 | /* close the read-end of the pipe */ |
1889 | close(pipefd[0]); | |
799f29ab | 1890 | |
9c88ff1f ÇO |
1891 | /* Append NULL to the array */ |
1892 | if(interfaces) | |
1893 | interfaces = (char **)lxc_append_null_to_array((void **)interfaces, count); | |
799f29ab | 1894 | |
9c88ff1f | 1895 | return interfaces; |
799f29ab ÇO |
1896 | } |
1897 | ||
858377e4 SH |
1898 | WRAP_API(char **, lxcapi_get_interfaces) |
1899 | ||
1900 | static char** do_lxcapi_get_ips(struct lxc_container *c, const char* interface, const char* family, int scope) | |
799f29ab | 1901 | { |
ae22a220 ÇO |
1902 | pid_t pid; |
1903 | int i, count = 0, pipefd[2]; | |
9c88ff1f | 1904 | char **addresses = NULL; |
ae22a220 | 1905 | char address[INET6_ADDRSTRLEN]; |
799f29ab | 1906 | |
ae22a220 ÇO |
1907 | if(pipe(pipefd) < 0) { |
1908 | SYSERROR("pipe failed"); | |
1909 | return NULL; | |
c868b261 ÇO |
1910 | } |
1911 | ||
ae22a220 ÇO |
1912 | pid = fork(); |
1913 | if (pid < 0) { | |
959aee9c | 1914 | SYSERROR("failed to fork task to get container ips"); |
ae22a220 ÇO |
1915 | close(pipefd[0]); |
1916 | close(pipefd[1]); | |
1917 | return NULL; | |
9c83a661 SG |
1918 | } |
1919 | ||
ae22a220 ÇO |
1920 | if (pid == 0) { // child |
1921 | int ret = 1, nbytes; | |
1922 | struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; | |
1923 | char addressOutputBuffer[INET6_ADDRSTRLEN]; | |
1924 | void *tempAddrPtr = NULL; | |
1925 | char *address = NULL; | |
fe218ca3 | 1926 | |
ae22a220 ÇO |
1927 | /* close the read-end of the pipe */ |
1928 | close(pipefd[0]); | |
1929 | ||
e0f59189 | 1930 | if (!enter_net_ns(c)) { |
ae22a220 ÇO |
1931 | SYSERROR("failed to enter namespace"); |
1932 | goto out; | |
9c83a661 | 1933 | } |
ae22a220 ÇO |
1934 | |
1935 | /* Grab the list of interfaces */ | |
1936 | if (getifaddrs(&interfaceArray)) { | |
1937 | SYSERROR("failed to get interfaces list"); | |
1938 | goto out; | |
1939 | } | |
1940 | ||
1941 | /* Iterate through the interfaces */ | |
1942 | for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) { | |
1943 | if (tempIfAddr->ifa_addr == NULL) | |
9c83a661 SG |
1944 | continue; |
1945 | ||
ae22a220 ÇO |
1946 | if(tempIfAddr->ifa_addr->sa_family == AF_INET) { |
1947 | if (family && strcmp(family, "inet")) | |
1948 | continue; | |
1949 | tempAddrPtr = &((struct sockaddr_in *)tempIfAddr->ifa_addr)->sin_addr; | |
1950 | } | |
1951 | else { | |
1952 | if (family && strcmp(family, "inet6")) | |
1953 | continue; | |
1954 | ||
1955 | if (((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_scope_id != scope) | |
1956 | continue; | |
1957 | ||
1958 | tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr; | |
1959 | } | |
1960 | ||
1961 | if (interface && strcmp(interface, tempIfAddr->ifa_name)) | |
1962 | continue; | |
1963 | else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0) | |
9c83a661 SG |
1964 | continue; |
1965 | ||
ae22a220 ÇO |
1966 | address = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family, |
1967 | tempAddrPtr, | |
1968 | addressOutputBuffer, | |
1969 | sizeof(addressOutputBuffer)); | |
1970 | if (!address) | |
1971 | continue; | |
1972 | ||
1973 | nbytes = write(pipefd[1], address, INET6_ADDRSTRLEN); | |
1974 | if (nbytes < 0) { | |
1975 | ERROR("write failed"); | |
1976 | goto out; | |
1977 | } | |
1978 | count++; | |
9c83a661 | 1979 | } |
ae22a220 | 1980 | ret = 0; |
9c83a661 | 1981 | |
ae22a220 ÇO |
1982 | out: |
1983 | if(interfaceArray) | |
1984 | freeifaddrs(interfaceArray); | |
9c83a661 | 1985 | |
ae22a220 ÇO |
1986 | /* close the write-end of the pipe, thus sending EOF to the reader */ |
1987 | close(pipefd[1]); | |
1988 | exit(ret); | |
6849cb5b | 1989 | } |
9c83a661 | 1990 | |
ae22a220 ÇO |
1991 | /* close the write-end of the pipe */ |
1992 | close(pipefd[1]); | |
1993 | ||
358afd84 | 1994 | while (read(pipefd[0], &address, INET6_ADDRSTRLEN) == INET6_ADDRSTRLEN) { |
9c88ff1f | 1995 | if(!add_to_array(&addresses, address, count)) |
ae22a220 | 1996 | ERROR("PARENT: add_to_array failed"); |
9c88ff1f | 1997 | count++; |
9c83a661 SG |
1998 | } |
1999 | ||
ae22a220 ÇO |
2000 | if (wait_for_pid(pid) != 0) { |
2001 | for(i=0;i<count;i++) | |
2002 | free(addresses[i]); | |
2003 | free(addresses); | |
2004 | addresses = NULL; | |
2005 | } | |
9c83a661 | 2006 | |
ae22a220 ÇO |
2007 | /* close the read-end of the pipe */ |
2008 | close(pipefd[0]); | |
9c83a661 SG |
2009 | |
2010 | /* Append NULL to the array */ | |
9c88ff1f ÇO |
2011 | if(addresses) |
2012 | addresses = (char **)lxc_append_null_to_array((void **)addresses, count); | |
9c83a661 SG |
2013 | |
2014 | return addresses; | |
2015 | } | |
2016 | ||
858377e4 SH |
2017 | WRAP_API_3(char **, lxcapi_get_ips, const char *, const char *, int) |
2018 | ||
2019 | static int do_lxcapi_get_config_item(struct lxc_container *c, const char *key, char *retv, int inlen) | |
72d0e1cb | 2020 | { |
fce687aa CB |
2021 | int ret = -1; |
2022 | struct lxc_config_t *config; | |
72d0e1cb SG |
2023 | |
2024 | if (!c || !c->lxc_conf) | |
2025 | return -1; | |
fce687aa | 2026 | |
5cee8c50 | 2027 | if (container_mem_lock(c)) |
72d0e1cb | 2028 | return -1; |
fce687aa CB |
2029 | |
2030 | config = lxc_getconfig(key); | |
2031 | /* Verify that the config key exists and that it has a callback | |
2032 | * implemented. | |
2033 | */ | |
2034 | if (config && config->get) | |
6bede808 | 2035 | ret = config->get(key, retv, inlen, c->lxc_conf); |
fce687aa | 2036 | |
5cee8c50 | 2037 | container_mem_unlock(c); |
72d0e1cb SG |
2038 | return ret; |
2039 | } | |
2040 | ||
858377e4 SH |
2041 | WRAP_API_3(int, lxcapi_get_config_item, const char *, char *, int) |
2042 | ||
2043 | static char* do_lxcapi_get_running_config_item(struct lxc_container *c, const char *key) | |
8ac18377 ÇO |
2044 | { |
2045 | char *ret; | |
2046 | ||
2047 | if (!c || !c->lxc_conf) | |
2048 | return NULL; | |
2049 | if (container_mem_lock(c)) | |
2050 | return NULL; | |
858377e4 | 2051 | ret = lxc_cmd_get_config_item(c->name, key, do_lxcapi_get_config_path(c)); |
8ac18377 ÇO |
2052 | container_mem_unlock(c); |
2053 | return ret; | |
2054 | } | |
2055 | ||
858377e4 SH |
2056 | WRAP_API_1(char *, lxcapi_get_running_config_item, const char *) |
2057 | ||
2058 | static int do_lxcapi_get_keys(struct lxc_container *c, const char *key, char *retv, int inlen) | |
72d0e1cb SG |
2059 | { |
2060 | if (!key) | |
2061 | return lxc_listconfigs(retv, inlen); | |
2062 | /* | |
2063 | * Support 'lxc.network.<idx>', i.e. 'lxc.network.0' | |
2064 | * This is an intelligent result to show which keys are valid given | |
2065 | * the type of nic it is | |
2066 | */ | |
2067 | if (!c || !c->lxc_conf) | |
2068 | return -1; | |
5cee8c50 | 2069 | if (container_mem_lock(c)) |
72d0e1cb SG |
2070 | return -1; |
2071 | int ret = -1; | |
2072 | if (strncmp(key, "lxc.network.", 12) == 0) | |
6849cb5b | 2073 | ret = lxc_list_nicconfigs(c->lxc_conf, key, retv, inlen); |
5cee8c50 | 2074 | container_mem_unlock(c); |
72d0e1cb SG |
2075 | return ret; |
2076 | } | |
2077 | ||
858377e4 SH |
2078 | WRAP_API_3(int, lxcapi_get_keys, const char *, char *, int) |
2079 | ||
2080 | static bool do_lxcapi_save_config(struct lxc_container *c, const char *alt_file) | |
72d0e1cb | 2081 | { |
39dc698c SH |
2082 | FILE *fout; |
2083 | bool ret = false, need_disklock = false; | |
2084 | int lret; | |
2085 | ||
72d0e1cb SG |
2086 | if (!alt_file) |
2087 | alt_file = c->configfile; | |
2088 | if (!alt_file) | |
6849cb5b | 2089 | return false; // should we write to stdout if no file is specified? |
39dc698c SH |
2090 | |
2091 | // If we haven't yet loaded a config, load the stock config | |
2092 | if (!c->lxc_conf) { | |
858377e4 | 2093 | if (!do_lxcapi_load_config(c, lxc_global_config_value("lxc.default_config"))) { |
959aee9c | 2094 | ERROR("Error loading default configuration file %s while saving %s", lxc_global_config_value("lxc.default_config"), c->name); |
72d0e1cb SG |
2095 | return false; |
2096 | } | |
39dc698c | 2097 | } |
72d0e1cb | 2098 | |
5a3d2e1e SG |
2099 | if (!create_container_dir(c)) |
2100 | return false; | |
2101 | ||
39dc698c SH |
2102 | /* |
2103 | * If we're writing to the container's config file, take the | |
2104 | * disk lock. Otherwise just take the memlock to protect the | |
2105 | * struct lxc_container while we're traversing it. | |
2106 | */ | |
2107 | if (strcmp(c->configfile, alt_file) == 0) | |
2108 | need_disklock = true; | |
2109 | ||
2110 | if (need_disklock) | |
2111 | lret = container_disk_lock(c); | |
2112 | else | |
2113 | lret = container_mem_lock(c); | |
2114 | ||
2115 | if (lret) | |
72d0e1cb | 2116 | return false; |
39dc698c SH |
2117 | |
2118 | fout = fopen(alt_file, "w"); | |
2119 | if (!fout) | |
2120 | goto out; | |
6b0d5538 | 2121 | write_config(fout, c->lxc_conf); |
72d0e1cb | 2122 | fclose(fout); |
39dc698c SH |
2123 | ret = true; |
2124 | ||
2125 | out: | |
2126 | if (need_disklock) | |
2127 | container_disk_unlock(c); | |
2128 | else | |
2129 | container_mem_unlock(c); | |
2130 | return ret; | |
72d0e1cb SG |
2131 | } |
2132 | ||
858377e4 SH |
2133 | WRAP_API_1(bool, lxcapi_save_config, const char *) |
2134 | ||
0ea055b3 CB |
2135 | |
2136 | static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc) | |
dfb31b25 | 2137 | { |
0ea055b3 CB |
2138 | FILE *f1; |
2139 | struct stat fbuf; | |
42342bed CB |
2140 | void *buf = NULL; |
2141 | char *del = NULL; | |
dfb31b25 | 2142 | char path[MAXPATHLEN]; |
0ea055b3 CB |
2143 | char newpath[MAXPATHLEN]; |
2144 | int fd, ret, n = 0, v = 0; | |
dfb31b25 | 2145 | bool bret = false; |
42342bed | 2146 | size_t len = 0, bytes = 0; |
dfb31b25 | 2147 | |
0ea055b3 | 2148 | if (container_disk_lock(c0)) |
dfb31b25 | 2149 | return false; |
0ea055b3 CB |
2150 | |
2151 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c0->config_path, c0->name); | |
dfb31b25 SH |
2152 | if (ret < 0 || ret > MAXPATHLEN) |
2153 | goto out; | |
0ea055b3 CB |
2154 | ret = snprintf(newpath, MAXPATHLEN, "%s\n%s\n", c->config_path, c->name); |
2155 | if (ret < 0 || ret > MAXPATHLEN) | |
dfb31b25 | 2156 | goto out; |
0ea055b3 CB |
2157 | |
2158 | /* If we find an lxc-snapshot file using the old format only listing the | |
2159 | * number of snapshots we will keep using it. */ | |
2160 | f1 = fopen(path, "r"); | |
2161 | if (f1) { | |
2162 | n = fscanf(f1, "%d", &v); | |
2163 | fclose(f1); | |
2164 | if (n == 1 && v == 0) { | |
2165 | remove(path); | |
2166 | n = 0; | |
2167 | } | |
dfb31b25 | 2168 | } |
0ea055b3 CB |
2169 | if (n == 1) { |
2170 | v += inc ? 1 : -1; | |
2171 | f1 = fopen(path, "w"); | |
2172 | if (!f1) | |
2173 | goto out; | |
2174 | if (fprintf(f1, "%d\n", v) < 0) { | |
2175 | ERROR("Error writing new snapshots value"); | |
2176 | fclose(f1); | |
2177 | goto out; | |
2178 | } | |
2179 | ret = fclose(f1); | |
2180 | if (ret != 0) { | |
2181 | SYSERROR("Error writing to or closing snapshots file"); | |
2182 | goto out; | |
2183 | } | |
2184 | } else { | |
2185 | /* Here we know that we have or can use an lxc-snapshot file | |
2186 | * using the new format. */ | |
2187 | if (inc) { | |
2188 | f1 = fopen(path, "a"); | |
2189 | if (!f1) | |
2190 | goto out; | |
2191 | ||
2192 | if (fprintf(f1, "%s", newpath) < 0) { | |
2193 | ERROR("Error writing new snapshots entry"); | |
2194 | ret = fclose(f1); | |
2195 | if (ret != 0) | |
2196 | SYSERROR("Error writing to or closing snapshots file"); | |
2197 | goto out; | |
2198 | } | |
2199 | ||
2200 | ret = fclose(f1); | |
2201 | if (ret != 0) { | |
2202 | SYSERROR("Error writing to or closing snapshots file"); | |
2203 | goto out; | |
2204 | } | |
2205 | } else if (!inc) { | |
d028235d SG |
2206 | if ((fd = open(path, O_RDWR | O_CLOEXEC)) < 0) |
2207 | goto out; | |
2208 | ||
2209 | if (fstat(fd, &fbuf) < 0) { | |
2210 | close(fd); | |
2211 | goto out; | |
2212 | } | |
2213 | ||
2214 | if (fbuf.st_size != 0) { | |
d028235d | 2215 | |
25086a5f | 2216 | buf = lxc_strmmap(NULL, fbuf.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); |
d028235d SG |
2217 | if (buf == MAP_FAILED) { |
2218 | SYSERROR("Failed to create mapping %s", path); | |
2219 | close(fd); | |
2220 | goto out; | |
2221 | } | |
2222 | ||
2223 | len = strlen(newpath); | |
2224 | while ((del = strstr((char *)buf, newpath))) { | |
2225 | memmove(del, del + len, strlen(del) - len + 1); | |
2226 | bytes += len; | |
2227 | } | |
2228 | ||
25086a5f | 2229 | lxc_strmunmap(buf, fbuf.st_size); |
d028235d SG |
2230 | if (ftruncate(fd, fbuf.st_size - bytes) < 0) { |
2231 | SYSERROR("Failed to truncate file %s", path); | |
2232 | close(fd); | |
2233 | goto out; | |
2234 | } | |
2235 | } | |
2236 | close(fd); | |
2237 | } | |
0ea055b3 CB |
2238 | |
2239 | /* If the lxc-snapshot file is empty, remove it. */ | |
2240 | if (stat(path, &fbuf) < 0) | |
2241 | goto out; | |
d028235d SG |
2242 | if (!fbuf.st_size) { |
2243 | remove(path); | |
0ea055b3 | 2244 | } |
dfb31b25 SH |
2245 | } |
2246 | ||
2247 | bret = true; | |
2248 | ||
2249 | out: | |
0ea055b3 | 2250 | container_disk_unlock(c0); |
dfb31b25 SH |
2251 | return bret; |
2252 | } | |
2253 | ||
2254 | static void strip_newline(char *p) | |
2255 | { | |
2256 | size_t len = strlen(p); | |
2257 | if (len < 1) | |
2258 | return; | |
2259 | if (p[len-1] == '\n') | |
2260 | p[len-1] = '\0'; | |
2261 | } | |
2262 | ||
d825fff3 | 2263 | void mod_all_rdeps(struct lxc_container *c, bool inc) |
dfb31b25 SH |
2264 | { |
2265 | struct lxc_container *p; | |
2266 | char *lxcpath = NULL, *lxcname = NULL, path[MAXPATHLEN]; | |
2267 | size_t pathlen = 0, namelen = 0; | |
2268 | FILE *f; | |
2269 | int ret; | |
2270 | ||
2271 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends", | |
2272 | c->config_path, c->name); | |
2273 | if (ret < 0 || ret >= MAXPATHLEN) { | |
2274 | ERROR("Path name too long"); | |
2275 | return; | |
2276 | } | |
025ed0f3 | 2277 | f = fopen(path, "r"); |
025ed0f3 | 2278 | if (f == NULL) |
dfb31b25 SH |
2279 | return; |
2280 | while (getline(&lxcpath, &pathlen, f) != -1) { | |
2281 | if (getline(&lxcname, &namelen, f) == -1) { | |
959aee9c | 2282 | ERROR("badly formatted file %s", path); |
dfb31b25 SH |
2283 | goto out; |
2284 | } | |
2285 | strip_newline(lxcpath); | |
2286 | strip_newline(lxcname); | |
2287 | if ((p = lxc_container_new(lxcname, lxcpath)) == NULL) { | |
2288 | ERROR("Unable to find dependent container %s:%s", | |
2289 | lxcpath, lxcname); | |
2290 | continue; | |
2291 | } | |
0ea055b3 CB |
2292 | if (!mod_rdep(p, c, inc)) |
2293 | ERROR("Failed to update snapshots file for %s:%s", | |
dfb31b25 SH |
2294 | lxcpath, lxcname); |
2295 | lxc_container_put(p); | |
2296 | } | |
2297 | out: | |
f10fad2f ME |
2298 | free(lxcpath); |
2299 | free(lxcname); | |
dfb31b25 SH |
2300 | fclose(f); |
2301 | } | |
2302 | ||
18aa217b | 2303 | static bool has_fs_snapshots(struct lxc_container *c) |
dfb31b25 | 2304 | { |
0ea055b3 | 2305 | FILE *f; |
dfb31b25 SH |
2306 | char path[MAXPATHLEN]; |
2307 | int ret, v; | |
0ea055b3 | 2308 | struct stat fbuf; |
dfb31b25 SH |
2309 | bool bret = false; |
2310 | ||
2311 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c->config_path, | |
2312 | c->name); | |
2313 | if (ret < 0 || ret > MAXPATHLEN) | |
2314 | goto out; | |
0ea055b3 CB |
2315 | /* If the file doesn't exist there are no snapshots. */ |
2316 | if (stat(path, &fbuf) < 0) | |
dfb31b25 | 2317 | goto out; |
0ea055b3 CB |
2318 | v = fbuf.st_size; |
2319 | if (v != 0) { | |
2320 | f = fopen(path, "r"); | |
2321 | if (!f) | |
2322 | goto out; | |
2323 | ret = fscanf(f, "%d", &v); | |
2324 | fclose(f); | |
2325 | // TODO: Figure out what to do with the return value of fscanf. | |
2326 | if (ret != 1) | |
2327 | INFO("Container uses new lxc-snapshots format %s", path); | |
2328 | } | |
dfb31b25 SH |
2329 | bret = v != 0; |
2330 | ||
2331 | out: | |
2332 | return bret; | |
2333 | } | |
2334 | ||
18aa217b SH |
2335 | static bool has_snapshots(struct lxc_container *c) |
2336 | { | |
2337 | char path[MAXPATHLEN]; | |
74f96976 | 2338 | struct dirent *direntp; |
18aa217b SH |
2339 | int count=0; |
2340 | DIR *dir; | |
2341 | ||
2342 | if (!get_snappath_dir(c, path)) | |
2343 | return false; | |
2344 | dir = opendir(path); | |
2345 | if (!dir) | |
2346 | return false; | |
74f96976 | 2347 | while ((direntp = readdir(dir))) { |
18aa217b SH |
2348 | if (!direntp) |
2349 | break; | |
2350 | ||
2351 | if (!strcmp(direntp->d_name, ".")) | |
2352 | continue; | |
2353 | ||
2354 | if (!strcmp(direntp->d_name, "..")) | |
2355 | continue; | |
2356 | count++; | |
2357 | break; | |
2358 | } | |
2359 | closedir(dir); | |
2360 | return count > 0; | |
2361 | } | |
2362 | ||
297c2d58 | 2363 | static bool do_destroy_container(struct lxc_conf *conf) { |
d028235d | 2364 | if (am_unpriv()) { |
c9b7c33e CB |
2365 | if (userns_exec_1(conf, bdev_destroy_wrapper, conf, |
2366 | "bdev_destroy_wrapper") < 0) | |
d028235d SG |
2367 | return false; |
2368 | return true; | |
2369 | } | |
2370 | return bdev_destroy(conf); | |
297c2d58 CB |
2371 | } |
2372 | ||
4355ab5f SH |
2373 | static int lxc_rmdir_onedev_wrapper(void *data) |
2374 | { | |
2375 | char *arg = (char *) data; | |
18aa217b | 2376 | return lxc_rmdir_onedev(arg, "snaps"); |
4355ab5f SH |
2377 | } |
2378 | ||
18aa217b | 2379 | static bool container_destroy(struct lxc_container *c) |
72d0e1cb | 2380 | { |
c868b261 | 2381 | bool bret = false; |
297c2d58 | 2382 | int ret = 0; |
a70a69e8 | 2383 | struct lxc_conf *conf; |
72d0e1cb | 2384 | |
858377e4 | 2385 | if (!c || !do_lxcapi_is_defined(c)) |
5a3d2e1e SG |
2386 | return false; |
2387 | ||
a70a69e8 | 2388 | conf = c->lxc_conf; |
3bc449ed | 2389 | if (container_disk_lock(c)) |
72d0e1cb | 2390 | return false; |
72d0e1cb | 2391 | |
39dc698c | 2392 | if (!is_stopped(c)) { |
60bf62d4 SH |
2393 | // we should queue some sort of error - in c->error_string? |
2394 | ERROR("container %s is not stopped", c->name); | |
2395 | goto out; | |
72d0e1cb SG |
2396 | } |
2397 | ||
a70a69e8 | 2398 | if (conf && !lxc_list_empty(&conf->hooks[LXCHOOK_DESTROY])) { |
37cf711b | 2399 | /* Start of environment variable setup for hooks */ |
ab7efcf5 | 2400 | if (c->name && setenv("LXC_NAME", c->name, 1)) { |
37cf711b SY |
2401 | SYSERROR("failed to set environment variable for container name"); |
2402 | } | |
ab7efcf5 | 2403 | if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) { |
37cf711b SY |
2404 | SYSERROR("failed to set environment variable for config path"); |
2405 | } | |
ab7efcf5 | 2406 | if (conf->rootfs.mount && setenv("LXC_ROOTFS_MOUNT", conf->rootfs.mount, 1)) { |
37cf711b SY |
2407 | SYSERROR("failed to set environment variable for rootfs mount"); |
2408 | } | |
ab7efcf5 | 2409 | if (conf->rootfs.path && setenv("LXC_ROOTFS_PATH", conf->rootfs.path, 1)) { |
37cf711b SY |
2410 | SYSERROR("failed to set environment variable for rootfs mount"); |
2411 | } | |
2412 | if (conf->console.path && setenv("LXC_CONSOLE", conf->console.path, 1)) { | |
2413 | SYSERROR("failed to set environment variable for console path"); | |
2414 | } | |
2415 | if (conf->console.log_path && setenv("LXC_CONSOLE_LOGPATH", conf->console.log_path, 1)) { | |
2416 | SYSERROR("failed to set environment variable for console log"); | |
2417 | } | |
2418 | /* End of environment variable setup for hooks */ | |
2419 | ||
2420 | if (run_lxc_hooks(c->name, "destroy", conf, c->get_config_path(c), NULL)) { | |
2421 | ERROR("Error executing clone hook for %s", c->name); | |
2422 | goto out; | |
2423 | } | |
2424 | } | |
2425 | ||
2426 | if (current_config && conf == current_config) { | |
858377e4 | 2427 | current_config = NULL; |
37cf711b SY |
2428 | if (conf->logfd != -1) { |
2429 | close(conf->logfd); | |
2430 | conf->logfd = -1; | |
858377e4 SH |
2431 | } |
2432 | } | |
2433 | ||
d028235d SG |
2434 | if (conf && conf->rootfs.path && conf->rootfs.mount) { |
2435 | if (!do_destroy_container(conf)) { | |
2436 | ERROR("Error destroying rootfs for %s", c->name); | |
2437 | goto out; | |
2438 | } | |
2439 | INFO("Destroyed rootfs for %s", c->name); | |
2440 | } | |
60bf62d4 | 2441 | |
dfb31b25 SH |
2442 | mod_all_rdeps(c, false); |
2443 | ||
858377e4 | 2444 | const char *p1 = do_lxcapi_get_config_path(c); |
60bf62d4 SH |
2445 | char *path = alloca(strlen(p1) + strlen(c->name) + 2); |
2446 | sprintf(path, "%s/%s", p1, c->name); | |
c868b261 | 2447 | if (am_unpriv()) |
c9b7c33e CB |
2448 | ret = userns_exec_1(conf, lxc_rmdir_onedev_wrapper, path, |
2449 | "lxc_rmdir_onedev_wrapper"); | |
4355ab5f | 2450 | else |
18aa217b | 2451 | ret = lxc_rmdir_onedev(path, "snaps"); |
4355ab5f | 2452 | if (ret < 0) { |
60bf62d4 SH |
2453 | ERROR("Error destroying container directory for %s", c->name); |
2454 | goto out; | |
2455 | } | |
d028235d | 2456 | INFO("Destroyed directory for %s", c->name); |
297c2d58 | 2457 | |
fef48dc9 | 2458 | bret = true; |
60bf62d4 SH |
2459 | |
2460 | out: | |
3bc449ed | 2461 | container_disk_unlock(c); |
fef48dc9 | 2462 | return bret; |
72d0e1cb SG |
2463 | } |
2464 | ||
858377e4 | 2465 | static bool do_lxcapi_destroy(struct lxc_container *c) |
18aa217b SH |
2466 | { |
2467 | if (!c || !lxcapi_is_defined(c)) | |
2468 | return false; | |
2469 | if (has_snapshots(c)) { | |
2470 | ERROR("Container %s has snapshots; not removing", c->name); | |
2471 | return false; | |
2472 | } | |
2473 | ||
2474 | if (has_fs_snapshots(c)) { | |
2475 | ERROR("container %s has snapshots on its rootfs", c->name); | |
2476 | return false; | |
2477 | } | |
2478 | ||
2479 | return container_destroy(c); | |
2480 | } | |
2481 | ||
858377e4 | 2482 | WRAP_API(bool, lxcapi_destroy) |
18aa217b | 2483 | |
858377e4 | 2484 | static bool do_lxcapi_destroy_with_snapshots(struct lxc_container *c) |
18aa217b SH |
2485 | { |
2486 | if (!c || !lxcapi_is_defined(c)) | |
2487 | return false; | |
2488 | if (!lxcapi_snapshot_destroy_all(c)) { | |
2489 | ERROR("Error deleting all snapshots"); | |
2490 | return false; | |
2491 | } | |
2492 | return lxcapi_destroy(c); | |
2493 | } | |
2494 | ||
858377e4 SH |
2495 | WRAP_API(bool, lxcapi_destroy_with_snapshots) |
2496 | ||
96532523 SH |
2497 | static bool set_config_item_locked(struct lxc_container *c, const char *key, const char *v) |
2498 | { | |
2499 | struct lxc_config_t *config; | |
2500 | ||
2501 | if (!c->lxc_conf) | |
2502 | c->lxc_conf = lxc_conf_init(); | |
6b0d5538 | 2503 | if (!c->lxc_conf) |
96532523 SH |
2504 | return false; |
2505 | config = lxc_getconfig(key); | |
2506 | if (!config) | |
2507 | return false; | |
d37f7cd7 | 2508 | if (config->set(key, v, c->lxc_conf) != 0) |
f979ac15 | 2509 | return false; |
6b0d5538 | 2510 | return do_append_unexp_config_line(c->lxc_conf, key, v); |
96532523 SH |
2511 | } |
2512 | ||
858377e4 | 2513 | static bool do_lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v) |
72d0e1cb | 2514 | { |
72d0e1cb | 2515 | bool b = false; |
72d0e1cb SG |
2516 | |
2517 | if (!c) | |
2518 | return false; | |
2519 | ||
5cee8c50 | 2520 | if (container_mem_lock(c)) |
72d0e1cb SG |
2521 | return false; |
2522 | ||
96532523 | 2523 | b = set_config_item_locked(c, key, v); |
72d0e1cb | 2524 | |
5cee8c50 | 2525 | container_mem_unlock(c); |
72d0e1cb SG |
2526 | return b; |
2527 | } | |
2528 | ||
858377e4 SH |
2529 | WRAP_API_2(bool, lxcapi_set_config_item, const char *, const char *) |
2530 | ||
72d0e1cb SG |
2531 | static char *lxcapi_config_file_name(struct lxc_container *c) |
2532 | { | |
2533 | if (!c || !c->configfile) | |
2534 | return NULL; | |
2535 | return strdup(c->configfile); | |
2536 | } | |
2537 | ||
2a59a681 SH |
2538 | static const char *lxcapi_get_config_path(struct lxc_container *c) |
2539 | { | |
2540 | if (!c || !c->config_path) | |
2541 | return NULL; | |
2542 | return (const char *)(c->config_path); | |
2543 | } | |
2544 | ||
afeecbba SH |
2545 | /* |
2546 | * not for export | |
2547 | * Just recalculate the c->configfile based on the | |
2548 | * c->config_path, which must be set. | |
2549 | * The lxc_container must be locked or not yet public. | |
2550 | */ | |
2551 | static bool set_config_filename(struct lxc_container *c) | |
2552 | { | |
2553 | char *newpath; | |
2554 | int len, ret; | |
2555 | ||
2556 | if (!c->config_path) | |
2557 | return false; | |
2558 | ||
2559 | /* $lxc_path + "/" + c->name + "/" + "config" + '\0' */ | |
2560 | len = strlen(c->config_path) + strlen(c->name) + strlen("config") + 3; | |
2561 | newpath = malloc(len); | |
2562 | if (!newpath) | |
2563 | return false; | |
2564 | ||
2565 | ret = snprintf(newpath, len, "%s/%s/config", c->config_path, c->name); | |
2566 | if (ret < 0 || ret >= len) { | |
2567 | fprintf(stderr, "Error printing out config file name\n"); | |
2568 | free(newpath); | |
2569 | return false; | |
2570 | } | |
2571 | ||
f10fad2f | 2572 | free(c->configfile); |
afeecbba SH |
2573 | c->configfile = newpath; |
2574 | ||
2575 | return true; | |
2576 | } | |
2577 | ||
858377e4 | 2578 | static bool do_lxcapi_set_config_path(struct lxc_container *c, const char *path) |
2a59a681 SH |
2579 | { |
2580 | char *p; | |
2581 | bool b = false; | |
afeecbba | 2582 | char *oldpath = NULL; |
2a59a681 SH |
2583 | |
2584 | if (!c) | |
2585 | return b; | |
2586 | ||
5cee8c50 | 2587 | if (container_mem_lock(c)) |
2a59a681 SH |
2588 | return b; |
2589 | ||
2590 | p = strdup(path); | |
afeecbba SH |
2591 | if (!p) { |
2592 | ERROR("Out of memory setting new lxc path"); | |
2a59a681 | 2593 | goto err; |
afeecbba SH |
2594 | } |
2595 | ||
2a59a681 SH |
2596 | b = true; |
2597 | if (c->config_path) | |
afeecbba | 2598 | oldpath = c->config_path; |
2a59a681 | 2599 | c->config_path = p; |
afeecbba SH |
2600 | |
2601 | /* Since we've changed the config path, we have to change the | |
2602 | * config file name too */ | |
2603 | if (!set_config_filename(c)) { | |
2604 | ERROR("Out of memory setting new config filename"); | |
2605 | b = false; | |
2606 | free(c->config_path); | |
2607 | c->config_path = oldpath; | |
2608 | oldpath = NULL; | |
2609 | } | |
2a59a681 | 2610 | err: |
f10fad2f | 2611 | free(oldpath); |
5cee8c50 | 2612 | container_mem_unlock(c); |
2a59a681 SH |
2613 | return b; |
2614 | } | |
2615 | ||
858377e4 | 2616 | WRAP_API_1(bool, lxcapi_set_config_path, const char *) |
2a59a681 | 2617 | |
858377e4 | 2618 | static bool do_lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsys, const char *value) |
794dd120 SH |
2619 | { |
2620 | int ret; | |
794dd120 SH |
2621 | |
2622 | if (!c) | |
2623 | return false; | |
2624 | ||
3bc449ed | 2625 | if (is_stopped(c)) |
794dd120 SH |
2626 | return false; |
2627 | ||
3bc449ed SH |
2628 | if (container_disk_lock(c)) |
2629 | return false; | |
794dd120 | 2630 | |
33ad9f1a | 2631 | ret = lxc_cgroup_set(subsys, value, c->name, c->config_path); |
3bc449ed SH |
2632 | |
2633 | container_disk_unlock(c); | |
2634 | return ret == 0; | |
794dd120 SH |
2635 | } |
2636 | ||
858377e4 SH |
2637 | WRAP_API_2(bool, lxcapi_set_cgroup_item, const char *, const char *) |
2638 | ||
2639 | static int do_lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys, char *retv, int inlen) | |
794dd120 | 2640 | { |
3bc449ed | 2641 | int ret; |
794dd120 | 2642 | |
6502006a | 2643 | if (!c) |
794dd120 SH |
2644 | return -1; |
2645 | ||
3bc449ed | 2646 | if (is_stopped(c)) |
794dd120 SH |
2647 | return -1; |
2648 | ||
3bc449ed SH |
2649 | if (container_disk_lock(c)) |
2650 | return -1; | |
794dd120 | 2651 | |
33ad9f1a | 2652 | ret = lxc_cgroup_get(subsys, retv, inlen, c->name, c->config_path); |
794dd120 | 2653 | |
3bc449ed | 2654 | container_disk_unlock(c); |
794dd120 SH |
2655 | return ret; |
2656 | } | |
2657 | ||
858377e4 SH |
2658 | WRAP_API_3(int, lxcapi_get_cgroup_item, const char *, char *, int) |
2659 | ||
593e8478 | 2660 | const char *lxc_get_global_config_item(const char *key) |
83c98d82 | 2661 | { |
593e8478 | 2662 | return lxc_global_config_value(key); |
a8428dfa SH |
2663 | } |
2664 | ||
b6b918a1 SG |
2665 | const char *lxc_get_version(void) |
2666 | { | |
95ee490b | 2667 | return LXC_VERSION; |
b6b918a1 SG |
2668 | } |
2669 | ||
f0ca2726 | 2670 | static int copy_file(const char *old, const char *new) |
9be53773 SH |
2671 | { |
2672 | int in, out; | |
2673 | ssize_t len, ret; | |
2674 | char buf[8096]; | |
2675 | struct stat sbuf; | |
2676 | ||
2677 | if (file_exists(new)) { | |
2678 | ERROR("copy destination %s exists", new); | |
2679 | return -1; | |
2680 | } | |
2681 | ret = stat(old, &sbuf); | |
2682 | if (ret < 0) { | |
dfb31b25 | 2683 | INFO("Error stat'ing %s", old); |
9be53773 SH |
2684 | return -1; |
2685 | } | |
2686 | ||
2687 | in = open(old, O_RDONLY); | |
2688 | if (in < 0) { | |
dfb31b25 | 2689 | SYSERROR("Error opening original file %s", old); |
9be53773 SH |
2690 | return -1; |
2691 | } | |
2692 | out = open(new, O_CREAT | O_EXCL | O_WRONLY, 0644); | |
2693 | if (out < 0) { | |
dfb31b25 | 2694 | SYSERROR("Error opening new file %s", new); |
9be53773 SH |
2695 | close(in); |
2696 | return -1; | |
2697 | } | |
2698 | ||
2699 | while (1) { | |
2700 | len = read(in, buf, 8096); | |
2701 | if (len < 0) { | |
dfb31b25 | 2702 | SYSERROR("Error reading old file %s", old); |
9be53773 SH |
2703 | goto err; |
2704 | } | |
2705 | if (len == 0) | |
2706 | break; | |
2707 | ret = write(out, buf, len); | |
6849cb5b | 2708 | if (ret < len) { // should we retry? |
dfb31b25 | 2709 | SYSERROR("Error: write to new file %s was interrupted", new); |
9be53773 SH |
2710 | goto err; |
2711 | } | |
2712 | } | |
2713 | close(in); | |
2714 | close(out); | |
2715 | ||
2716 | // we set mode, but not owner/group | |
2717 | ret = chmod(new, sbuf.st_mode); | |
2718 | if (ret) { | |
dfb31b25 | 2719 | SYSERROR("Error setting mode on %s", new); |
9be53773 SH |
2720 | return -1; |
2721 | } | |
2722 | ||
2723 | return 0; | |
2724 | ||
2725 | err: | |
2726 | close(in); | |
2727 | close(out); | |
2728 | return -1; | |
2729 | } | |
2730 | ||
9be53773 SH |
2731 | static int copyhooks(struct lxc_container *oldc, struct lxc_container *c) |
2732 | { | |
619256b5 | 2733 | int i, len, ret; |
9be53773 | 2734 | struct lxc_list *it; |
619256b5 ÇO |
2735 | char *cpath; |
2736 | ||
2737 | len = strlen(oldc->config_path) + strlen(oldc->name) + 3; | |
2738 | cpath = alloca(len); | |
2739 | ret = snprintf(cpath, len, "%s/%s/", oldc->config_path, oldc->name); | |
2740 | if (ret < 0 || ret >= len) | |
2741 | return -1; | |
9be53773 SH |
2742 | |
2743 | for (i=0; i<NUM_LXC_HOOKS; i++) { | |
2744 | lxc_list_for_each(it, &c->lxc_conf->hooks[i]) { | |
2745 | char *hookname = it->elem; | |
c32981c3 | 2746 | char *fname = strrchr(hookname, '/'); |
9be53773 SH |
2747 | char tmppath[MAXPATHLEN]; |
2748 | if (!fname) // relative path - we don't support, but maybe we should | |
2749 | return 0; | |
619256b5 ÇO |
2750 | if (strncmp(hookname, cpath, len - 1) != 0) { |
2751 | // this hook is public - ignore | |
2752 | continue; | |
2753 | } | |
9be53773 SH |
2754 | // copy the script, and change the entry in confile |
2755 | ret = snprintf(tmppath, MAXPATHLEN, "%s/%s/%s", | |
2756 | c->config_path, c->name, fname+1); | |
2757 | if (ret < 0 || ret >= MAXPATHLEN) | |
2758 | return -1; | |
2759 | ret = copy_file(it->elem, tmppath); | |
2760 | if (ret < 0) | |
2761 | return -1; | |
2762 | free(it->elem); | |
2763 | it->elem = strdup(tmppath); | |
2764 | if (!it->elem) { | |
2765 | ERROR("out of memory copying hook path"); | |
2766 | return -1; | |
2767 | } | |
9be53773 SH |
2768 | } |
2769 | } | |
2770 | ||
67702c21 SH |
2771 | if (!clone_update_unexp_hooks(c->lxc_conf, oldc->config_path, |
2772 | c->config_path, oldc->name, c->name)) { | |
6b0d5538 SH |
2773 | ERROR("Error saving new hooks in clone"); |
2774 | return -1; | |
2775 | } | |
858377e4 | 2776 | do_lxcapi_save_config(c, NULL); |
9be53773 SH |
2777 | return 0; |
2778 | } | |
2779 | ||
9be53773 SH |
2780 | |
2781 | static int copy_fstab(struct lxc_container *oldc, struct lxc_container *c) | |
2782 | { | |
2783 | char newpath[MAXPATHLEN]; | |
2784 | char *oldpath = oldc->lxc_conf->fstab; | |
2785 | int ret; | |
2786 | ||
2787 | if (!oldpath) | |
2788 | return 0; | |
2789 | ||
6b0d5538 SH |
2790 | clear_unexp_config_line(c->lxc_conf, "lxc.mount", false); |
2791 | ||
c32981c3 | 2792 | char *p = strrchr(oldpath, '/'); |
9be53773 SH |
2793 | if (!p) |
2794 | return -1; | |
2795 | ret = snprintf(newpath, MAXPATHLEN, "%s/%s%s", | |
2796 | c->config_path, c->name, p); | |
2797 | if (ret < 0 || ret >= MAXPATHLEN) { | |
2798 | ERROR("error printing new path for %s", oldpath); | |
2799 | return -1; | |
2800 | } | |
2801 | if (file_exists(newpath)) { | |
2802 | ERROR("error: fstab file %s exists", newpath); | |
2803 | return -1; | |
2804 | } | |
2805 | ||
2806 | if (copy_file(oldpath, newpath) < 0) { | |
2807 | ERROR("error: copying %s to %s", oldpath, newpath); | |
2808 | return -1; | |
2809 | } | |
2810 | free(c->lxc_conf->fstab); | |
2811 | c->lxc_conf->fstab = strdup(newpath); | |
2812 | if (!c->lxc_conf->fstab) { | |
2813 | ERROR("error: allocating pathname"); | |
2814 | return -1; | |
2815 | } | |
6b0d5538 SH |
2816 | if (!do_append_unexp_config_line(c->lxc_conf, "lxc.mount", newpath)) { |
2817 | ERROR("error saving new lxctab"); | |
2818 | return -1; | |
2819 | } | |
9be53773 SH |
2820 | |
2821 | return 0; | |
2822 | } | |
2823 | ||
dfb31b25 SH |
2824 | static void copy_rdepends(struct lxc_container *c, struct lxc_container *c0) |
2825 | { | |
2826 | char path0[MAXPATHLEN], path1[MAXPATHLEN]; | |
2827 | int ret; | |
2828 | ||
2829 | ret = snprintf(path0, MAXPATHLEN, "%s/%s/lxc_rdepends", c0->config_path, | |
2830 | c0->name); | |
2831 | if (ret < 0 || ret >= MAXPATHLEN) { | |
2832 | WARN("Error copying reverse dependencies"); | |
2833 | return; | |
2834 | } | |
2835 | ret = snprintf(path1, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path, | |
2836 | c->name); | |
2837 | if (ret < 0 || ret >= MAXPATHLEN) { | |
2838 | WARN("Error copying reverse dependencies"); | |
2839 | return; | |
2840 | } | |
2841 | if (copy_file(path0, path1) < 0) { | |
2842 | INFO("Error copying reverse dependencies"); | |
2843 | return; | |
2844 | } | |
2845 | } | |
2846 | ||
2847 | static bool add_rdepends(struct lxc_container *c, struct lxc_container *c0) | |
2848 | { | |
2849 | int ret; | |
2850 | char path[MAXPATHLEN]; | |
2851 | FILE *f; | |
2852 | bool bret; | |
2853 | ||
2854 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path, | |
2855 | c->name); | |
2856 | if (ret < 0 || ret >= MAXPATHLEN) | |
2857 | return false; | |
2858 | f = fopen(path, "a"); | |
2859 | if (!f) | |
2860 | return false; | |
2861 | bret = true; | |
2862 | // if anything goes wrong, just return an error | |
2863 | if (fprintf(f, "%s\n%s\n", c0->config_path, c0->name) < 0) | |
2864 | bret = false; | |
2865 | if (fclose(f) != 0) | |
2866 | bret = false; | |
2867 | return bret; | |
2868 | } | |
2869 | ||
15a90a10 SH |
2870 | /* |
2871 | * If the fs natively supports snapshot clones with no penalty, | |
2872 | * then default to those even if not requested. | |
2873 | * Currently we only do this for btrfs. | |
2874 | */ | |
2875 | bool should_default_to_snapshot(struct lxc_container *c0, | |
2876 | struct lxc_container *c1) | |
2877 | { | |
2878 | size_t l0 = strlen(c0->config_path) + strlen(c0->name) + 2; | |
2879 | size_t l1 = strlen(c1->config_path) + strlen(c1->name) + 2; | |
2880 | char *p0 = alloca(l0 + 1); | |
2881 | char *p1 = alloca(l1 + 1); | |
6e0fa6a0 | 2882 | char *rootfs = c0->lxc_conf->rootfs.path; |
15a90a10 SH |
2883 | |
2884 | snprintf(p0, l0, "%s/%s", c0->config_path, c0->name); | |
2885 | snprintf(p1, l1, "%s/%s", c1->config_path, c1->name); | |
9a09badc CB |
2886 | |
2887 | if (!is_btrfs_fs(p0) || !is_btrfs_fs(p1)) | |
2888 | return false; | |
2889 | ||
6e0fa6a0 CB |
2890 | if (is_btrfs_subvol(rootfs) <= 0) |
2891 | return false; | |
2892 | ||
15a90a10 SH |
2893 | return btrfs_same_fs(p0, p1) == 0; |
2894 | } | |
2895 | ||
9be53773 | 2896 | static int copy_storage(struct lxc_container *c0, struct lxc_container *c, |
763429b6 CB |
2897 | const char *newtype, int flags, const char *bdevdata, |
2898 | uint64_t newsize) | |
9be53773 SH |
2899 | { |
2900 | struct bdev *bdev; | |
dfb31b25 | 2901 | int need_rdep; |
9be53773 | 2902 | |
15a90a10 SH |
2903 | if (should_default_to_snapshot(c0, c)) |
2904 | flags |= LXC_CLONE_SNAPSHOT; | |
2905 | ||
763429b6 CB |
2906 | bdev = bdev_copy(c0, c->name, c->config_path, newtype, flags, bdevdata, |
2907 | newsize, &need_rdep); | |
9be53773 | 2908 | if (!bdev) { |
763429b6 | 2909 | ERROR("Error copying storage."); |
9be53773 SH |
2910 | return -1; |
2911 | } | |
763429b6 CB |
2912 | |
2913 | /* Set new rootfs. */ | |
9be53773 SH |
2914 | free(c->lxc_conf->rootfs.path); |
2915 | c->lxc_conf->rootfs.path = strdup(bdev->src); | |
763429b6 CB |
2916 | |
2917 | /* Set new bdev type. */ | |
8869eb5f CB |
2918 | free(c->lxc_conf->rootfs.bdev_type); |
2919 | c->lxc_conf->rootfs.bdev_type = strdup(bdev->type); | |
9be53773 | 2920 | bdev_put(bdev); |
763429b6 | 2921 | |
dfb31b25 | 2922 | if (!c->lxc_conf->rootfs.path) { |
763429b6 CB |
2923 | ERROR("Out of memory while setting storage path."); |
2924 | return -1; | |
2925 | } | |
2926 | if (!c->lxc_conf->rootfs.bdev_type) { | |
2927 | ERROR("Out of memory while setting rootfs backend."); | |
9be53773 | 2928 | return -1; |
dfb31b25 | 2929 | } |
763429b6 CB |
2930 | |
2931 | /* Append a new lxc.rootfs entry to the unexpanded config. */ | |
6b0d5538 | 2932 | clear_unexp_config_line(c->lxc_conf, "lxc.rootfs", false); |
763429b6 CB |
2933 | if (!do_append_unexp_config_line(c->lxc_conf, "lxc.rootfs", |
2934 | c->lxc_conf->rootfs.path)) { | |
2935 | ERROR("Error saving new rootfs to cloned config."); | |
d0218321 SH |
2936 | return -1; |
2937 | } | |
763429b6 CB |
2938 | |
2939 | /* Append a new lxc.rootfs.backend entry to the unexpanded config. */ | |
8869eb5f | 2940 | clear_unexp_config_line(c->lxc_conf, "lxc.rootfs.backend", false); |
763429b6 CB |
2941 | if (!do_append_unexp_config_line(c->lxc_conf, "lxc.rootfs.backend", |
2942 | c->lxc_conf->rootfs.bdev_type)) { | |
2943 | ERROR("Error saving new rootfs backend to cloned config."); | |
8869eb5f CB |
2944 | return -1; |
2945 | } | |
763429b6 | 2946 | |
eee59f94 SH |
2947 | if (flags & LXC_CLONE_SNAPSHOT) |
2948 | copy_rdepends(c, c0); | |
dfb31b25 SH |
2949 | if (need_rdep) { |
2950 | if (!add_rdepends(c, c0)) | |
2951 | WARN("Error adding reverse dependency from %s to %s", | |
763429b6 | 2952 | c->name, c0->name); |
dfb31b25 SH |
2953 | } |
2954 | ||
2955 | mod_all_rdeps(c, true); | |
2956 | ||
9be53773 SH |
2957 | return 0; |
2958 | } | |
2959 | ||
1354955b SH |
2960 | struct clone_update_data { |
2961 | struct lxc_container *c0; | |
2962 | struct lxc_container *c1; | |
2963 | int flags; | |
2964 | char **hookargs; | |
2965 | }; | |
2966 | ||
2967 | static int clone_update_rootfs(struct clone_update_data *data) | |
9be53773 | 2968 | { |
1354955b SH |
2969 | struct lxc_container *c0 = data->c0; |
2970 | struct lxc_container *c = data->c1; | |
2971 | int flags = data->flags; | |
2972 | char **hookargs = data->hookargs; | |
9be53773 SH |
2973 | int ret = -1; |
2974 | char path[MAXPATHLEN]; | |
2975 | struct bdev *bdev; | |
2976 | FILE *fout; | |
148e91f5 | 2977 | struct lxc_conf *conf = c->lxc_conf; |
9be53773 SH |
2978 | |
2979 | /* update hostname in rootfs */ | |
2980 | /* we're going to mount, so run in a clean namespace to simplify cleanup */ | |
2981 | ||
1354955b SH |
2982 | if (setgid(0) < 0) { |
2983 | ERROR("Failed to setgid to 0"); | |
2984 | return -1; | |
2985 | } | |
2986 | if (setuid(0) < 0) { | |
2987 | ERROR("Failed to setuid to 0"); | |
9be53773 | 2988 | return -1; |
1354955b | 2989 | } |
c476bdce SH |
2990 | if (setgroups(0, NULL) < 0) |
2991 | WARN("Failed to clear groups"); | |
9be53773 | 2992 | |
1354955b SH |
2993 | if (unshare(CLONE_NEWNS) < 0) |
2994 | return -1; | |
76a26f55 | 2995 | bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL); |
9be53773 | 2996 | if (!bdev) |
1354955b | 2997 | return -1; |
cf3ef16d SH |
2998 | if (strcmp(bdev->type, "dir") != 0) { |
2999 | if (unshare(CLONE_NEWNS) < 0) { | |
3000 | ERROR("error unsharing mounts"); | |
e7de366c | 3001 | bdev_put(bdev); |
1354955b | 3002 | return -1; |
cf3ef16d | 3003 | } |
2c6f3fc9 SH |
3004 | if (detect_shared_rootfs()) { |
3005 | if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) { | |
3006 | SYSERROR("Failed to make / rslave"); | |
3007 | ERROR("Continuing..."); | |
3008 | } | |
3009 | } | |
e7de366c SG |
3010 | if (bdev->ops->mount(bdev) < 0) { |
3011 | bdev_put(bdev); | |
1354955b | 3012 | return -1; |
e7de366c | 3013 | } |
cf3ef16d | 3014 | } else { // TODO come up with a better way |
f10fad2f | 3015 | free(bdev->dest); |
cf3ef16d SH |
3016 | bdev->dest = strdup(bdev->src); |
3017 | } | |
148e91f5 SH |
3018 | |
3019 | if (!lxc_list_empty(&conf->hooks[LXCHOOK_CLONE])) { | |
3020 | /* Start of environment variable setup for hooks */ | |
ab7efcf5 | 3021 | if (c0->name && setenv("LXC_SRC_NAME", c0->name, 1)) { |
1143ed39 DE |
3022 | SYSERROR("failed to set environment variable for source container name"); |
3023 | } | |
ab7efcf5 | 3024 | if (c->name && setenv("LXC_NAME", c->name, 1)) { |
148e91f5 SH |
3025 | SYSERROR("failed to set environment variable for container name"); |
3026 | } | |
ab7efcf5 | 3027 | if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) { |
148e91f5 SH |
3028 | SYSERROR("failed to set environment variable for config path"); |
3029 | } | |
ab7efcf5 | 3030 | if (bdev->dest && setenv("LXC_ROOTFS_MOUNT", bdev->dest, 1)) { |
148e91f5 SH |
3031 | SYSERROR("failed to set environment variable for rootfs mount"); |
3032 | } | |
ab7efcf5 | 3033 | if (conf->rootfs.path && setenv("LXC_ROOTFS_PATH", conf->rootfs.path, 1)) { |
148e91f5 SH |
3034 | SYSERROR("failed to set environment variable for rootfs mount"); |
3035 | } | |
3036 | ||
283678ed | 3037 | if (run_lxc_hooks(c->name, "clone", conf, c->get_config_path(c), hookargs)) { |
148e91f5 | 3038 | ERROR("Error executing clone hook for %s", c->name); |
e7de366c | 3039 | bdev_put(bdev); |
1354955b | 3040 | return -1; |
148e91f5 SH |
3041 | } |
3042 | } | |
3043 | ||
3044 | if (!(flags & LXC_CLONE_KEEPNAME)) { | |
3045 | ret = snprintf(path, MAXPATHLEN, "%s/etc/hostname", bdev->dest); | |
e7de366c SG |
3046 | bdev_put(bdev); |
3047 | ||
148e91f5 | 3048 | if (ret < 0 || ret >= MAXPATHLEN) |
1354955b | 3049 | return -1; |
8058be39 | 3050 | if (!file_exists(path)) |
1354955b | 3051 | return 0; |
148e91f5 | 3052 | if (!(fout = fopen(path, "w"))) { |
959aee9c | 3053 | SYSERROR("unable to open %s: ignoring", path); |
1354955b | 3054 | return 0; |
148e91f5 | 3055 | } |
a684f0b7 ÇO |
3056 | if (fprintf(fout, "%s", c->name) < 0) { |
3057 | fclose(fout); | |
1354955b | 3058 | return -1; |
6849cb5b | 3059 | } |
148e91f5 | 3060 | if (fclose(fout) < 0) |
1354955b | 3061 | return -1; |
9be53773 | 3062 | } |
e7de366c SG |
3063 | else |
3064 | bdev_put(bdev); | |
3065 | ||
1354955b SH |
3066 | return 0; |
3067 | } | |
3068 | ||
3069 | static int clone_update_rootfs_wrapper(void *data) | |
3070 | { | |
3071 | struct clone_update_data *arg = (struct clone_update_data *) data; | |
3072 | return clone_update_rootfs(arg); | |
9be53773 SH |
3073 | } |
3074 | ||
3075 | /* | |
3076 | * We want to support: | |
3077 | sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \ | |
3078 | -p|--lvprefix lvprefix -t|--fstype fstype -B backingstore | |
3079 | ||
3080 | -s [ implies overlayfs] | |
3081 | -s -B overlayfs | |
3082 | -s -B aufs | |
3083 | ||
3084 | only rootfs gets converted (copied/snapshotted) on clone. | |
3085 | */ | |
3086 | ||
d5752559 | 3087 | static int create_file_dirname(char *path, struct lxc_conf *conf) |
9be53773 | 3088 | { |
c32981c3 | 3089 | char *p = strrchr(path, '/'); |
d5752559 | 3090 | int ret = -1; |
9be53773 SH |
3091 | |
3092 | if (!p) | |
3093 | return -1; | |
3094 | *p = '\0'; | |
d028235d | 3095 | ret = do_create_container_dir(path, conf); |
9be53773 SH |
3096 | *p = '/'; |
3097 | return ret; | |
3098 | } | |
3099 | ||
858377e4 | 3100 | static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char *newname, |
9be53773 | 3101 | const char *lxcpath, int flags, |
d659597e | 3102 | const char *bdevtype, const char *bdevdata, uint64_t newsize, |
148e91f5 | 3103 | char **hookargs) |
9be53773 SH |
3104 | { |
3105 | struct lxc_container *c2 = NULL; | |
3106 | char newpath[MAXPATHLEN]; | |
176d9acb | 3107 | int ret, storage_copied = 0; |
5eea90e8 | 3108 | char *origroot = NULL, *saved_unexp_conf = NULL; |
1354955b | 3109 | struct clone_update_data data; |
3b392519 | 3110 | size_t saved_unexp_len; |
9be53773 | 3111 | FILE *fout; |
1354955b | 3112 | pid_t pid; |
9be53773 | 3113 | |
858377e4 | 3114 | if (!c || !do_lxcapi_is_defined(c)) |
9be53773 SH |
3115 | return NULL; |
3116 | ||
5cee8c50 | 3117 | if (container_mem_lock(c)) |
9be53773 SH |
3118 | return NULL; |
3119 | ||
39dc698c | 3120 | if (!is_stopped(c)) { |
9be53773 SH |
3121 | ERROR("error: Original container (%s) is running", c->name); |
3122 | goto out; | |
3123 | } | |
3124 | ||
3125 | // Make sure the container doesn't yet exist. | |
05d53f4c SH |
3126 | if (!newname) |
3127 | newname = c->name; | |
3128 | if (!lxcpath) | |
858377e4 | 3129 | lxcpath = do_lxcapi_get_config_path(c); |
05d53f4c | 3130 | ret = snprintf(newpath, MAXPATHLEN, "%s/%s/config", lxcpath, newname); |
6849cb5b | 3131 | if (ret < 0 || ret >= MAXPATHLEN) { |
9be53773 SH |
3132 | SYSERROR("clone: failed making config pathname"); |
3133 | goto out; | |
3134 | } | |
3135 | if (file_exists(newpath)) { | |
3136 | ERROR("error: clone: %s exists", newpath); | |
3137 | goto out; | |
3138 | } | |
3139 | ||
d5752559 | 3140 | ret = create_file_dirname(newpath, c->lxc_conf); |
96532523 | 3141 | if (ret < 0 && errno != EEXIST) { |
9be53773 SH |
3142 | ERROR("Error creating container dir for %s", newpath); |
3143 | goto out; | |
3144 | } | |
3145 | ||
3146 | // copy the configuration, tweak it as needed, | |
8d2efe40 SH |
3147 | if (c->lxc_conf->rootfs.path) { |
3148 | origroot = c->lxc_conf->rootfs.path; | |
3149 | c->lxc_conf->rootfs.path = NULL; | |
3150 | } | |
9be53773 SH |
3151 | fout = fopen(newpath, "w"); |
3152 | if (!fout) { | |
3153 | SYSERROR("open %s", newpath); | |
3154 | goto out; | |
3155 | } | |
5eea90e8 SH |
3156 | |
3157 | saved_unexp_conf = c->lxc_conf->unexpanded_config; | |
3b392519 | 3158 | saved_unexp_len = c->lxc_conf->unexpanded_len; |
5eea90e8 SH |
3159 | c->lxc_conf->unexpanded_config = strdup(saved_unexp_conf); |
3160 | if (!c->lxc_conf->unexpanded_config) { | |
3161 | ERROR("Out of memory"); | |
7d72b959 | 3162 | fclose(fout); |
5eea90e8 SH |
3163 | goto out; |
3164 | } | |
3165 | clear_unexp_config_line(c->lxc_conf, "lxc.rootfs", false); | |
6b0d5538 | 3166 | write_config(fout, c->lxc_conf); |
9be53773 | 3167 | fclose(fout); |
8d2efe40 | 3168 | c->lxc_conf->rootfs.path = origroot; |
5eea90e8 SH |
3169 | free(c->lxc_conf->unexpanded_config); |
3170 | c->lxc_conf->unexpanded_config = saved_unexp_conf; | |
3171 | saved_unexp_conf = NULL; | |
3b392519 | 3172 | c->lxc_conf->unexpanded_len = saved_unexp_len; |
9be53773 | 3173 | |
05d53f4c | 3174 | sprintf(newpath, "%s/%s/rootfs", lxcpath, newname); |
9be53773 SH |
3175 | if (mkdir(newpath, 0755) < 0) { |
3176 | SYSERROR("error creating %s", newpath); | |
3177 | goto out; | |
3178 | } | |
3179 | ||
1354955b SH |
3180 | if (am_unpriv()) { |
3181 | if (chown_mapped_root(newpath, c->lxc_conf) < 0) { | |
959aee9c | 3182 | ERROR("Error chowning %s to container root", newpath); |
1354955b SH |
3183 | goto out; |
3184 | } | |
3185 | } | |
3186 | ||
05d53f4c | 3187 | c2 = lxc_container_new(newname, lxcpath); |
375c2258 | 3188 | if (!c2) { |
05d53f4c SH |
3189 | ERROR("clone: failed to create new container (%s %s)", newname, |
3190 | lxcpath); | |
9be53773 SH |
3191 | goto out; |
3192 | } | |
8d2efe40 SH |
3193 | |
3194 | // copy/snapshot rootfs's | |
3195 | ret = copy_storage(c, c2, bdevtype, flags, bdevdata, newsize); | |
3196 | if (ret < 0) | |
3197 | goto out; | |
9be53773 | 3198 | |
6b0d5538 | 3199 | |
96532523 | 3200 | // update utsname |
3d7ad474 CB |
3201 | if (!(flags & LXC_CLONE_KEEPNAME)) { |
3202 | clear_unexp_config_line(c2->lxc_conf, "lxc.utsname", false); | |
3203 | ||
3204 | if (!set_config_item_locked(c2, "lxc.utsname", newname)) { | |
3205 | ERROR("Error setting new hostname"); | |
3206 | goto out; | |
3207 | } | |
96532523 SH |
3208 | } |
3209 | ||
619256b5 ÇO |
3210 | // copy hooks |
3211 | ret = copyhooks(c, c2); | |
3212 | if (ret < 0) { | |
3213 | ERROR("error copying hooks"); | |
3214 | goto out; | |
9be53773 SH |
3215 | } |
3216 | ||
3217 | if (copy_fstab(c, c2) < 0) { | |
3218 | ERROR("error copying fstab"); | |
9be53773 SH |
3219 | goto out; |
3220 | } | |
3221 | ||
3222 | // update macaddrs | |
6b0d5538 | 3223 | if (!(flags & LXC_CLONE_KEEPMACADDR)) { |
67702c21 SH |
3224 | if (!network_new_hwaddrs(c2->lxc_conf)) { |
3225 | ERROR("Error updating mac addresses"); | |
6b0d5538 SH |
3226 | goto out; |
3227 | } | |
3228 | } | |
9be53773 | 3229 | |
030ce9a9 | 3230 | // update absolute paths for overlay mount directories |
83e79752 | 3231 | if (ovl_update_abs_paths(c2->lxc_conf, c->config_path, c->name, lxcpath, newname) < 0) |
030ce9a9 CB |
3232 | goto out; |
3233 | ||
176d9acb SH |
3234 | // We've now successfully created c2's storage, so clear it out if we |
3235 | // fail after this | |
3236 | storage_copied = 1; | |
3237 | ||
375c2258 | 3238 | if (!c2->save_config(c2, NULL)) |
9be53773 | 3239 | goto out; |
9be53773 | 3240 | |
1354955b SH |
3241 | if ((pid = fork()) < 0) { |
3242 | SYSERROR("fork"); | |
9be53773 | 3243 | goto out; |
1354955b SH |
3244 | } |
3245 | if (pid > 0) { | |
3246 | ret = wait_for_pid(pid); | |
3247 | if (ret) | |
3248 | goto out; | |
3249 | container_mem_unlock(c); | |
3250 | return c2; | |
3251 | } | |
3252 | data.c0 = c; | |
3253 | data.c1 = c2; | |
3254 | data.flags = flags; | |
3255 | data.hookargs = hookargs; | |
3256 | if (am_unpriv()) | |
3257 | ret = userns_exec_1(c->lxc_conf, clone_update_rootfs_wrapper, | |
c9b7c33e | 3258 | &data, "clone_update_rootfs_wrapper"); |
1354955b SH |
3259 | else |
3260 | ret = clone_update_rootfs(&data); | |
3261 | if (ret < 0) | |
3262 | exit(1); | |
9be53773 | 3263 | |
5cee8c50 | 3264 | container_mem_unlock(c); |
1354955b | 3265 | exit(0); |
9be53773 SH |
3266 | |
3267 | out: | |
5cee8c50 | 3268 | container_mem_unlock(c); |
375c2258 | 3269 | if (c2) { |
176d9acb SH |
3270 | if (!storage_copied) |
3271 | c2->lxc_conf->rootfs.path = NULL; | |
375c2258 | 3272 | c2->destroy(c2); |
9be53773 | 3273 | lxc_container_put(c2); |
375c2258 | 3274 | } |
9be53773 SH |
3275 | |
3276 | return NULL; | |
3277 | } | |
3278 | ||
858377e4 SH |
3279 | static struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *newname, |
3280 | const char *lxcpath, int flags, | |
3281 | const char *bdevtype, const char *bdevdata, uint64_t newsize, | |
3282 | char **hookargs) | |
3283 | { | |
3284 | struct lxc_container * ret; | |
3285 | current_config = c ? c->lxc_conf : NULL; | |
3286 | ret = do_lxcapi_clone(c, newname, lxcpath, flags, bdevtype, bdevdata, newsize, hookargs); | |
3287 | current_config = NULL; | |
3288 | return ret; | |
3289 | } | |
3290 | ||
3291 | static bool do_lxcapi_rename(struct lxc_container *c, const char *newname) | |
06e5650e ÇO |
3292 | { |
3293 | struct bdev *bdev; | |
3294 | struct lxc_container *newc; | |
06e5650e | 3295 | |
d693cf93 | 3296 | if (!c || !c->name || !c->config_path || !c->lxc_conf) |
06e5650e ÇO |
3297 | return false; |
3298 | ||
18aa217b SH |
3299 | if (has_fs_snapshots(c) || has_snapshots(c)) { |
3300 | ERROR("Renaming a container with snapshots is not supported"); | |
3301 | return false; | |
3302 | } | |
76a26f55 | 3303 | bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL); |
06e5650e ÇO |
3304 | if (!bdev) { |
3305 | ERROR("Failed to find original backing store type"); | |
3306 | return false; | |
3307 | } | |
3308 | ||
619256b5 | 3309 | newc = lxcapi_clone(c, newname, c->config_path, LXC_CLONE_KEEPMACADDR, NULL, bdev->type, 0, NULL); |
06e5650e ÇO |
3310 | bdev_put(bdev); |
3311 | if (!newc) { | |
3312 | lxc_container_put(newc); | |
3313 | return false; | |
3314 | } | |
3315 | ||
3316 | if (newc && lxcapi_is_defined(newc)) | |
3317 | lxc_container_put(newc); | |
3318 | ||
18aa217b | 3319 | if (!container_destroy(c)) { |
06e5650e ÇO |
3320 | ERROR("Could not destroy existing container %s", c->name); |
3321 | return false; | |
3322 | } | |
3323 | return true; | |
3324 | } | |
3325 | ||
858377e4 SH |
3326 | WRAP_API_1(bool, lxcapi_rename, const char *) |
3327 | ||
a0e93eeb CS |
3328 | static int lxcapi_attach(struct lxc_container *c, lxc_attach_exec_t exec_function, void *exec_payload, lxc_attach_options_t *options, pid_t *attached_process) |
3329 | { | |
858377e4 SH |
3330 | int ret; |
3331 | ||
a0e93eeb CS |
3332 | if (!c) |
3333 | return -1; | |
3334 | ||
858377e4 SH |
3335 | current_config = c->lxc_conf; |
3336 | ||
3337 | ret = lxc_attach(c->name, c->config_path, exec_function, exec_payload, options, attached_process); | |
3338 | current_config = NULL; | |
3339 | return ret; | |
a0e93eeb CS |
3340 | } |
3341 | ||
858377e4 | 3342 | static int do_lxcapi_attach_run_wait(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char * const argv[]) |
a0e93eeb CS |
3343 | { |
3344 | lxc_attach_command_t command; | |
3345 | pid_t pid; | |
3346 | int r; | |
3347 | ||
3348 | if (!c) | |
3349 | return -1; | |
3350 | ||
3351 | command.program = (char*)program; | |
3352 | command.argv = (char**)argv; | |
3353 | r = lxc_attach(c->name, c->config_path, lxc_attach_run_command, &command, options, &pid); | |
3354 | if (r < 0) { | |
3355 | ERROR("ups"); | |
3356 | return r; | |
3357 | } | |
3358 | return lxc_wait_for_pid_status(pid); | |
3359 | } | |
3360 | ||
858377e4 SH |
3361 | static int lxcapi_attach_run_wait(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char * const argv[]) |
3362 | { | |
3363 | int ret; | |
3364 | current_config = c ? c->lxc_conf : NULL; | |
3365 | ret = do_lxcapi_attach_run_wait(c, options, program, argv); | |
3366 | current_config = NULL; | |
3367 | return ret; | |
3368 | } | |
3369 | ||
74a3920a | 3370 | static int get_next_index(const char *lxcpath, char *cname) |
f5dd1d53 SH |
3371 | { |
3372 | char *fname; | |
3373 | struct stat sb; | |
3374 | int i = 0, ret; | |
3375 | ||
3376 | fname = alloca(strlen(lxcpath) + 20); | |
3377 | while (1) { | |
3378 | sprintf(fname, "%s/snap%d", lxcpath, i); | |
3379 | ret = stat(fname, &sb); | |
3380 | if (ret != 0) | |
3381 | return i; | |
3382 | i++; | |
3383 | } | |
3384 | } | |
3385 | ||
18aa217b SH |
3386 | static bool get_snappath_dir(struct lxc_container *c, char *snappath) |
3387 | { | |
3388 | int ret; | |
3389 | /* | |
3390 | * If the old style snapshot path exists, use it | |
3391 | * /var/lib/lxc -> /var/lib/lxcsnaps | |
3392 | */ | |
3393 | ret = snprintf(snappath, MAXPATHLEN, "%ssnaps", c->config_path); | |
3394 | if (ret < 0 || ret >= MAXPATHLEN) | |
3395 | return false; | |
3396 | if (dir_exists(snappath)) { | |
3397 | ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name); | |
3398 | if (ret < 0 || ret >= MAXPATHLEN) | |
3399 | return false; | |
3400 | return true; | |
3401 | } | |
3402 | ||
3403 | /* | |
3404 | * Use the new style path | |
3405 | * /var/lib/lxc -> /var/lib/lxc + c->name + /snaps + \0 | |
3406 | */ | |
3407 | ret = snprintf(snappath, MAXPATHLEN, "%s/%s/snaps", c->config_path, c->name); | |
3408 | if (ret < 0 || ret >= MAXPATHLEN) | |
3409 | return false; | |
3410 | return true; | |
3411 | } | |
3412 | ||
858377e4 | 3413 | static int do_lxcapi_snapshot(struct lxc_container *c, const char *commentfile) |
f5dd1d53 SH |
3414 | { |
3415 | int i, flags, ret; | |
3416 | struct lxc_container *c2; | |
3417 | char snappath[MAXPATHLEN], newname[20]; | |
3418 | ||
840f05df SH |
3419 | if (!c || !lxcapi_is_defined(c)) |
3420 | return -1; | |
3421 | ||
cdd01be2 SH |
3422 | if (!bdev_can_backup(c->lxc_conf)) { |
3423 | ERROR("%s's backing store cannot be backed up.", c->name); | |
3424 | ERROR("Your container must use another backing store type."); | |
3425 | return -1; | |
3426 | } | |
3427 | ||
18aa217b | 3428 | if (!get_snappath_dir(c, snappath)) |
f5dd1d53 | 3429 | return -1; |
18aa217b | 3430 | |
f5dd1d53 SH |
3431 | i = get_next_index(snappath, c->name); |
3432 | ||
3433 | if (mkdir_p(snappath, 0755) < 0) { | |
3434 | ERROR("Failed to create snapshot directory %s", snappath); | |
3435 | return -1; | |
3436 | } | |
3437 | ||
3438 | ret = snprintf(newname, 20, "snap%d", i); | |
3439 | if (ret < 0 || ret >= 20) | |
3440 | return -1; | |
3441 | ||
0a83cbbb SH |
3442 | /* |
3443 | * We pass LXC_CLONE_SNAPSHOT to make sure that a rdepends file entry is | |
3444 | * created in the original container | |
3445 | */ | |
3446 | flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_KEEPMACADDR | LXC_CLONE_KEEPNAME | | |
3447 | LXC_CLONE_KEEPBDEVTYPE | LXC_CLONE_MAYBE_SNAPSHOT; | |
76a26f55 | 3448 | if (bdev_is_dir(c->lxc_conf, c->lxc_conf->rootfs.path)) { |
8c39f7a4 SH |
3449 | ERROR("Snapshot of directory-backed container requested."); |
3450 | ERROR("Making a copy-clone. If you do want snapshots, then"); | |
1f92162d | 3451 | ERROR("please create an aufs or overlayfs clone first, snapshot that"); |
8c39f7a4 SH |
3452 | ERROR("and keep the original container pristine."); |
3453 | flags &= ~LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT; | |
3454 | } | |
858377e4 | 3455 | c2 = do_lxcapi_clone(c, newname, snappath, flags, NULL, NULL, 0, NULL); |
f5dd1d53 | 3456 | if (!c2) { |
959aee9c | 3457 | ERROR("clone of %s:%s failed", c->config_path, c->name); |
f5dd1d53 SH |
3458 | return -1; |
3459 | } | |
3460 | ||
3461 | lxc_container_put(c2); | |
3462 | ||
3463 | // Now write down the creation time | |
3464 | time_t timer; | |
3465 | char buffer[25]; | |
3466 | struct tm* tm_info; | |
025ed0f3 | 3467 | FILE *f; |
f5dd1d53 SH |
3468 | |
3469 | time(&timer); | |
3470 | tm_info = localtime(&timer); | |
3471 | ||
3472 | strftime(buffer, 25, "%Y:%m:%d %H:%M:%S", tm_info); | |
3473 | ||
3474 | char *dfnam = alloca(strlen(snappath) + strlen(newname) + 5); | |
3475 | sprintf(dfnam, "%s/%s/ts", snappath, newname); | |
025ed0f3 | 3476 | f = fopen(dfnam, "w"); |
f5dd1d53 | 3477 | if (!f) { |
959aee9c | 3478 | ERROR("Failed to open %s", dfnam); |
f5dd1d53 SH |
3479 | return -1; |
3480 | } | |
3481 | if (fprintf(f, "%s", buffer) < 0) { | |
3482 | SYSERROR("Writing timestamp"); | |
3483 | fclose(f); | |
3484 | return -1; | |
3485 | } | |
025ed0f3 | 3486 | ret = fclose(f); |
025ed0f3 | 3487 | if (ret != 0) { |
f5dd1d53 SH |
3488 | SYSERROR("Writing timestamp"); |
3489 | return -1; | |
3490 | } | |
3491 | ||
3492 | if (commentfile) { | |
3493 | // $p / $name / comment \0 | |
3494 | int len = strlen(snappath) + strlen(newname) + 10; | |
3495 | char *path = alloca(len); | |
3496 | sprintf(path, "%s/%s/comment", snappath, newname); | |
3497 | return copy_file(commentfile, path) < 0 ? -1 : i; | |
3498 | } | |
3499 | ||
3500 | return i; | |
3501 | } | |
3502 | ||
858377e4 SH |
3503 | WRAP_API_1(int, lxcapi_snapshot, const char *) |
3504 | ||
f5dd1d53 SH |
3505 | static void lxcsnap_free(struct lxc_snapshot *s) |
3506 | { | |
f10fad2f ME |
3507 | free(s->name); |
3508 | free(s->comment_pathname); | |
3509 | free(s->timestamp); | |
3510 | free(s->lxcpath); | |
f5dd1d53 SH |
3511 | } |
3512 | ||
3513 | static char *get_snapcomment_path(char* snappath, char *name) | |
3514 | { | |
3515 | // $snappath/$name/comment | |
3516 | int ret, len = strlen(snappath) + strlen(name) + 10; | |
3517 | char *s = malloc(len); | |
3518 | ||
3519 | if (s) { | |
3520 | ret = snprintf(s, len, "%s/%s/comment", snappath, name); | |
3521 | if (ret < 0 || ret >= len) { | |
3522 | free(s); | |
3523 | s = NULL; | |
3524 | } | |
3525 | } | |
3526 | return s; | |
3527 | } | |
3528 | ||
3529 | static char *get_timestamp(char* snappath, char *name) | |
3530 | { | |
3531 | char path[MAXPATHLEN], *s = NULL; | |
3532 | int ret, len; | |
3533 | FILE *fin; | |
3534 | ||
3535 | ret = snprintf(path, MAXPATHLEN, "%s/%s/ts", snappath, name); | |
3536 | if (ret < 0 || ret >= MAXPATHLEN) | |
3537 | return NULL; | |
025ed0f3 | 3538 | fin = fopen(path, "r"); |
025ed0f3 | 3539 | if (!fin) |
f5dd1d53 SH |
3540 | return NULL; |
3541 | (void) fseek(fin, 0, SEEK_END); | |
3542 | len = ftell(fin); | |
3543 | (void) fseek(fin, 0, SEEK_SET); | |
3544 | if (len > 0) { | |
3545 | s = malloc(len+1); | |
3546 | if (s) { | |
3547 | s[len] = '\0'; | |
3548 | if (fread(s, 1, len, fin) != len) { | |
3549 | SYSERROR("reading timestamp"); | |
3550 | free(s); | |
3551 | s = NULL; | |
3552 | } | |
3553 | } | |
3554 | } | |
3555 | fclose(fin); | |
3556 | return s; | |
3557 | } | |
3558 | ||
858377e4 | 3559 | static int do_lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **ret_snaps) |
f5dd1d53 SH |
3560 | { |
3561 | char snappath[MAXPATHLEN], path2[MAXPATHLEN]; | |
18aa217b | 3562 | int count = 0, ret; |
74f96976 | 3563 | struct dirent *direntp; |
f5dd1d53 SH |
3564 | struct lxc_snapshot *snaps =NULL, *nsnaps; |
3565 | DIR *dir; | |
3566 | ||
3567 | if (!c || !lxcapi_is_defined(c)) | |
3568 | return -1; | |
c868b261 | 3569 | |
18aa217b | 3570 | if (!get_snappath_dir(c, snappath)) { |
f5dd1d53 SH |
3571 | ERROR("path name too long"); |
3572 | return -1; | |
3573 | } | |
025ed0f3 | 3574 | dir = opendir(snappath); |
025ed0f3 | 3575 | if (!dir) { |
f5dd1d53 SH |
3576 | INFO("failed to open %s - assuming no snapshots", snappath); |
3577 | return 0; | |
3578 | } | |
3579 | ||
74f96976 | 3580 | while ((direntp = readdir(dir))) { |
f5dd1d53 SH |
3581 | if (!direntp) |
3582 | break; | |
3583 | ||
3584 | if (!strcmp(direntp->d_name, ".")) | |
3585 | continue; | |
3586 | ||
3587 | if (!strcmp(direntp->d_name, "..")) | |
3588 | continue; | |
3589 | ||
3590 | ret = snprintf(path2, MAXPATHLEN, "%s/%s/config", snappath, direntp->d_name); | |
3591 | if (ret < 0 || ret >= MAXPATHLEN) { | |
3592 | ERROR("pathname too long"); | |
3593 | goto out_free; | |
3594 | } | |
3595 | if (!file_exists(path2)) | |
3596 | continue; | |
3597 | nsnaps = realloc(snaps, (count + 1)*sizeof(*snaps)); | |
3598 | if (!nsnaps) { | |
3599 | SYSERROR("Out of memory"); | |
3600 | goto out_free; | |
3601 | } | |
3602 | snaps = nsnaps; | |
3603 | snaps[count].free = lxcsnap_free; | |
3604 | snaps[count].name = strdup(direntp->d_name); | |
3605 | if (!snaps[count].name) | |
3606 | goto out_free; | |
3607 | snaps[count].lxcpath = strdup(snappath); | |
3608 | if (!snaps[count].lxcpath) { | |
3609 | free(snaps[count].name); | |
3610 | goto out_free; | |
3611 | } | |
3612 | snaps[count].comment_pathname = get_snapcomment_path(snappath, direntp->d_name); | |
3613 | snaps[count].timestamp = get_timestamp(snappath, direntp->d_name); | |
3614 | count++; | |
3615 | } | |
3616 | ||
3617 | if (closedir(dir)) | |
3618 | WARN("failed to close directory"); | |
3619 | ||
3620 | *ret_snaps = snaps; | |
3621 | return count; | |
3622 | ||
3623 | out_free: | |
3624 | if (snaps) { | |
3625 | int i; | |
3626 | for (i=0; i<count; i++) | |
3627 | lxcsnap_free(&snaps[i]); | |
3628 | free(snaps); | |
3629 | } | |
9baa57bd SH |
3630 | if (closedir(dir)) |
3631 | WARN("failed to close directory"); | |
f5dd1d53 SH |
3632 | return -1; |
3633 | } | |
3634 | ||
858377e4 SH |
3635 | WRAP_API_1(int, lxcapi_snapshot_list, struct lxc_snapshot **) |
3636 | ||
3637 | static bool do_lxcapi_snapshot_restore(struct lxc_container *c, const char *snapname, const char *newname) | |
f5dd1d53 SH |
3638 | { |
3639 | char clonelxcpath[MAXPATHLEN]; | |
18aa217b | 3640 | int flags = 0; |
f5dd1d53 SH |
3641 | struct lxc_container *snap, *rest; |
3642 | struct bdev *bdev; | |
3643 | bool b = false; | |
3644 | ||
3645 | if (!c || !c->name || !c->config_path) | |
3646 | return false; | |
3647 | ||
18aa217b SH |
3648 | if (has_fs_snapshots(c)) { |
3649 | ERROR("container rootfs has dependent snapshots"); | |
3650 | return false; | |
3651 | } | |
3652 | ||
76a26f55 | 3653 | bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL); |
f5dd1d53 SH |
3654 | if (!bdev) { |
3655 | ERROR("Failed to find original backing store type"); | |
3656 | return false; | |
3657 | } | |
3658 | ||
3659 | if (!newname) | |
3660 | newname = c->name; | |
7e36f87e | 3661 | |
18aa217b | 3662 | if (!get_snappath_dir(c, clonelxcpath)) { |
f5dd1d53 SH |
3663 | bdev_put(bdev); |
3664 | return false; | |
3665 | } | |
3666 | // how should we lock this? | |
3667 | ||
3668 | snap = lxc_container_new(snapname, clonelxcpath); | |
3669 | if (!snap || !lxcapi_is_defined(snap)) { | |
3670 | ERROR("Could not open snapshot %s", snapname); | |
3671 | if (snap) lxc_container_put(snap); | |
3672 | bdev_put(bdev); | |
3673 | return false; | |
3674 | } | |
3675 | ||
7e36f87e | 3676 | if (strcmp(c->name, newname) == 0) { |
18aa217b | 3677 | if (!container_destroy(c)) { |
7e36f87e ÇO |
3678 | ERROR("Could not destroy existing container %s", newname); |
3679 | lxc_container_put(snap); | |
3680 | bdev_put(bdev); | |
3681 | return false; | |
3682 | } | |
3683 | } | |
3684 | ||
de269ee8 SH |
3685 | if (strcmp(bdev->type, "dir") != 0 && strcmp(bdev->type, "loop") != 0) |
3686 | flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT; | |
3687 | rest = lxcapi_clone(snap, newname, c->config_path, flags, | |
3688 | bdev->type, NULL, 0, NULL); | |
f5dd1d53 SH |
3689 | bdev_put(bdev); |
3690 | if (rest && lxcapi_is_defined(rest)) | |
3691 | b = true; | |
3692 | if (rest) | |
3693 | lxc_container_put(rest); | |
3694 | lxc_container_put(snap); | |
3695 | return b; | |
3696 | } | |
3697 | ||
858377e4 SH |
3698 | WRAP_API_2(bool, lxcapi_snapshot_restore, const char *, const char *) |
3699 | ||
18aa217b | 3700 | static bool do_snapshot_destroy(const char *snapname, const char *clonelxcpath) |
771d96b3 | 3701 | { |
771d96b3 | 3702 | struct lxc_container *snap = NULL; |
18aa217b | 3703 | bool bret = false; |
771d96b3 ÇO |
3704 | |
3705 | snap = lxc_container_new(snapname, clonelxcpath); | |
18aa217b | 3706 | if (!snap) { |
771d96b3 ÇO |
3707 | ERROR("Could not find snapshot %s", snapname); |
3708 | goto err; | |
3709 | } | |
3710 | ||
858377e4 | 3711 | if (!do_lxcapi_destroy(snap)) { |
771d96b3 ÇO |
3712 | ERROR("Could not destroy snapshot %s", snapname); |
3713 | goto err; | |
3714 | } | |
18aa217b | 3715 | bret = true; |
771d96b3 | 3716 | |
771d96b3 ÇO |
3717 | err: |
3718 | if (snap) | |
3719 | lxc_container_put(snap); | |
18aa217b SH |
3720 | return bret; |
3721 | } | |
3722 | ||
3723 | static bool remove_all_snapshots(const char *path) | |
3724 | { | |
3725 | DIR *dir; | |
74f96976 | 3726 | struct dirent *direntp; |
18aa217b SH |
3727 | bool bret = true; |
3728 | ||
3729 | dir = opendir(path); | |
3730 | if (!dir) { | |
3731 | SYSERROR("opendir on snapshot path %s", path); | |
3732 | return false; | |
3733 | } | |
74f96976 | 3734 | while ((direntp = readdir(dir))) { |
18aa217b SH |
3735 | if (!direntp) |
3736 | break; | |
3737 | if (!strcmp(direntp->d_name, ".")) | |
3738 | continue; | |
3739 | if (!strcmp(direntp->d_name, "..")) | |
3740 | continue; | |
3741 | if (!do_snapshot_destroy(direntp->d_name, path)) { | |
3742 | bret = false; | |
3743 | continue; | |
3744 | } | |
3745 | } | |
3746 | ||
3747 | closedir(dir); | |
3748 | ||
3749 | if (rmdir(path)) | |
3750 | SYSERROR("Error removing directory %s", path); | |
3751 | ||
3752 | return bret; | |
3753 | } | |
3754 | ||
858377e4 | 3755 | static bool do_lxcapi_snapshot_destroy(struct lxc_container *c, const char *snapname) |
18aa217b SH |
3756 | { |
3757 | char clonelxcpath[MAXPATHLEN]; | |
3758 | ||
3759 | if (!c || !c->name || !c->config_path || !snapname) | |
3760 | return false; | |
3761 | ||
3762 | if (!get_snappath_dir(c, clonelxcpath)) | |
3763 | return false; | |
3764 | ||
3765 | return do_snapshot_destroy(snapname, clonelxcpath); | |
3766 | } | |
3767 | ||
858377e4 SH |
3768 | WRAP_API_1(bool, lxcapi_snapshot_destroy, const char *) |
3769 | ||
3770 | static bool do_lxcapi_snapshot_destroy_all(struct lxc_container *c) | |
18aa217b SH |
3771 | { |
3772 | char clonelxcpath[MAXPATHLEN]; | |
3773 | ||
3774 | if (!c || !c->name || !c->config_path) | |
3775 | return false; | |
3776 | ||
3777 | if (!get_snappath_dir(c, clonelxcpath)) | |
3778 | return false; | |
3779 | ||
3780 | return remove_all_snapshots(clonelxcpath); | |
771d96b3 ÇO |
3781 | } |
3782 | ||
858377e4 SH |
3783 | WRAP_API(bool, lxcapi_snapshot_destroy_all) |
3784 | ||
3785 | static bool do_lxcapi_may_control(struct lxc_container *c) | |
b494d2dd SH |
3786 | { |
3787 | return lxc_try_cmd(c->name, c->config_path) == 0; | |
3788 | } | |
3789 | ||
858377e4 SH |
3790 | WRAP_API(bool, lxcapi_may_control) |
3791 | ||
d5aa23e6 SH |
3792 | static bool do_add_remove_node(pid_t init_pid, const char *path, bool add, |
3793 | struct stat *st) | |
3794 | { | |
3795 | char chrootpath[MAXPATHLEN]; | |
3796 | char *directory_path = NULL; | |
3797 | pid_t pid; | |
3798 | int ret; | |
3799 | ||
3800 | if ((pid = fork()) < 0) { | |
3801 | SYSERROR("failed to fork a child helper"); | |
3802 | return false; | |
3803 | } | |
3804 | if (pid) { | |
3805 | if (wait_for_pid(pid) != 0) { | |
3806 | ERROR("Failed to create note in guest"); | |
3807 | return false; | |
3808 | } | |
3809 | return true; | |
3810 | } | |
3811 | ||
3812 | /* prepare the path */ | |
3813 | ret = snprintf(chrootpath, MAXPATHLEN, "/proc/%d/root", init_pid); | |
3814 | if (ret < 0 || ret >= MAXPATHLEN) | |
3815 | return false; | |
3816 | ||
6b9324bd | 3817 | if (chroot(chrootpath) < 0) |
d5aa23e6 | 3818 | exit(1); |
6b9324bd | 3819 | if (chdir("/") < 0) |
d5aa23e6 SH |
3820 | exit(1); |
3821 | /* remove path if it exists */ | |
3822 | if(faccessat(AT_FDCWD, path, F_OK, AT_SYMLINK_NOFOLLOW) == 0) { | |
3823 | if (unlink(path) < 0) { | |
3824 | ERROR("unlink failed"); | |
3825 | exit(1); | |
3826 | } | |
3827 | } | |
3828 | if (!add) | |
3829 | exit(0); | |
3830 | ||
3831 | /* create any missing directories */ | |
3832 | directory_path = dirname(strdup(path)); | |
3833 | if (mkdir_p(directory_path, 0755) < 0 && errno != EEXIST) { | |
3834 | ERROR("failed to create directory"); | |
3835 | exit(1); | |
3836 | } | |
3837 | ||
3838 | /* create the device node */ | |
3839 | if (mknod(path, st->st_mode, st->st_rdev) < 0) { | |
3840 | ERROR("mknod failed"); | |
3841 | exit(1); | |
3842 | } | |
3843 | ||
3844 | exit(0); | |
3845 | } | |
3846 | ||
f0ca2726 | 3847 | static bool add_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path, bool add) |
a9a0ed90 ÇO |
3848 | { |
3849 | int ret; | |
3850 | struct stat st; | |
a9a0ed90 | 3851 | char value[MAX_BUFFER]; |
f0ca2726 | 3852 | const char *p; |
a9a0ed90 ÇO |
3853 | |
3854 | /* make sure container is running */ | |
858377e4 | 3855 | if (!do_lxcapi_is_running(c)) { |
a9a0ed90 | 3856 | ERROR("container is not running"); |
d5aa23e6 | 3857 | return false; |
a9a0ed90 ÇO |
3858 | } |
3859 | ||
3860 | /* use src_path if dest_path is NULL otherwise use dest_path */ | |
3861 | p = dest_path ? dest_path : src_path; | |
3862 | ||
a9a0ed90 ÇO |
3863 | /* make sure we can access p */ |
3864 | if(access(p, F_OK) < 0 || stat(p, &st) < 0) | |
d5aa23e6 | 3865 | return false; |
a9a0ed90 ÇO |
3866 | |
3867 | /* continue if path is character device or block device */ | |
c6a9b0d7 | 3868 | if (S_ISCHR(st.st_mode)) |
a9a0ed90 | 3869 | ret = snprintf(value, MAX_BUFFER, "c %d:%d rwm", major(st.st_rdev), minor(st.st_rdev)); |
c6a9b0d7 | 3870 | else if (S_ISBLK(st.st_mode)) |
a9a0ed90 ÇO |
3871 | ret = snprintf(value, MAX_BUFFER, "b %d:%d rwm", major(st.st_rdev), minor(st.st_rdev)); |
3872 | else | |
d5aa23e6 | 3873 | return false; |
a9a0ed90 ÇO |
3874 | |
3875 | /* check snprintf return code */ | |
3876 | if (ret < 0 || ret >= MAX_BUFFER) | |
d5aa23e6 | 3877 | return false; |
a9a0ed90 | 3878 | |
858377e4 | 3879 | if (!do_add_remove_node(do_lxcapi_init_pid(c), p, add, &st)) |
d5aa23e6 | 3880 | return false; |
a9a0ed90 | 3881 | |
d5aa23e6 | 3882 | /* add or remove device to/from cgroup access list */ |
a9a0ed90 | 3883 | if (add) { |
858377e4 | 3884 | if (!do_lxcapi_set_cgroup_item(c, "devices.allow", value)) { |
a9a0ed90 | 3885 | ERROR("set_cgroup_item failed while adding the device node"); |
d5aa23e6 | 3886 | return false; |
a9a0ed90 ÇO |
3887 | } |
3888 | } else { | |
858377e4 | 3889 | if (!do_lxcapi_set_cgroup_item(c, "devices.deny", value)) { |
a9a0ed90 | 3890 | ERROR("set_cgroup_item failed while removing the device node"); |
d5aa23e6 | 3891 | return false; |
a9a0ed90 ÇO |
3892 | } |
3893 | } | |
d5aa23e6 | 3894 | |
a9a0ed90 | 3895 | return true; |
a9a0ed90 ÇO |
3896 | } |
3897 | ||
858377e4 | 3898 | static bool do_lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) |
a9a0ed90 | 3899 | { |
c868b261 ÇO |
3900 | if (am_unpriv()) { |
3901 | ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); | |
3902 | return false; | |
3903 | } | |
a9a0ed90 ÇO |
3904 | return add_remove_device_node(c, src_path, dest_path, true); |
3905 | } | |
3906 | ||
858377e4 SH |
3907 | WRAP_API_2(bool, lxcapi_add_device_node, const char *, const char *) |
3908 | ||
3909 | static bool do_lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) | |
a9a0ed90 | 3910 | { |
c868b261 ÇO |
3911 | if (am_unpriv()) { |
3912 | ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); | |
3913 | return false; | |
3914 | } | |
a9a0ed90 ÇO |
3915 | return add_remove_device_node(c, src_path, dest_path, false); |
3916 | } | |
3917 | ||
858377e4 SH |
3918 | WRAP_API_2(bool, lxcapi_remove_device_node, const char *, const char *) |
3919 | ||
3920 | static bool do_lxcapi_attach_interface(struct lxc_container *c, const char *ifname, | |
e58fae8f DY |
3921 | const char *dst_ifname) |
3922 | { | |
3923 | int ret = 0; | |
3924 | if (am_unpriv()) { | |
3925 | ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); | |
3926 | return false; | |
3927 | } | |
3928 | ||
3929 | if (!ifname) { | |
3930 | ERROR("No source interface name given"); | |
3931 | return false; | |
3932 | } | |
3933 | ||
3934 | ret = lxc_netdev_isup(ifname); | |
e58fae8f | 3935 | |
e5848d39 SH |
3936 | if (ret > 0) { |
3937 | /* netdev of ifname is up. */ | |
e58fae8f DY |
3938 | ret = lxc_netdev_down(ifname); |
3939 | if (ret) | |
3940 | goto err; | |
3941 | } | |
3942 | ||
858377e4 | 3943 | ret = lxc_netdev_move_by_name(ifname, do_lxcapi_init_pid(c), dst_ifname); |
e58fae8f DY |
3944 | if (ret) |
3945 | goto err; | |
3946 | ||
3947 | return true; | |
e5848d39 | 3948 | |
e58fae8f | 3949 | err: |
e58fae8f DY |
3950 | return false; |
3951 | } | |
3952 | ||
858377e4 SH |
3953 | WRAP_API_2(bool, lxcapi_attach_interface, const char *, const char *) |
3954 | ||
3955 | static bool do_lxcapi_detach_interface(struct lxc_container *c, const char *ifname, | |
e58fae8f DY |
3956 | const char *dst_ifname) |
3957 | { | |
3958 | pid_t pid, pid_outside; | |
3959 | ||
3960 | if (am_unpriv()) { | |
3961 | ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__); | |
3962 | return false; | |
3963 | } | |
3964 | ||
3965 | if (!ifname) { | |
3966 | ERROR("No source interface name given"); | |
3967 | return false; | |
3968 | } | |
3969 | ||
3970 | pid_outside = getpid(); | |
3971 | pid = fork(); | |
3972 | if (pid < 0) { | |
3973 | ERROR("failed to fork task to get interfaces information"); | |
3974 | return false; | |
3975 | } | |
3976 | ||
3977 | if (pid == 0) { // child | |
3978 | int ret = 0; | |
e0f59189 | 3979 | if (!enter_net_ns(c)) { |
e58fae8f DY |
3980 | ERROR("failed to enter namespace"); |
3981 | exit(-1); | |
3982 | } | |
3983 | ||
3984 | ret = lxc_netdev_isup(ifname); | |
3985 | if (ret < 0) | |
3986 | exit(ret); | |
3987 | ||
3988 | /* netdev of ifname is up. */ | |
3989 | if (ret) { | |
3990 | ret = lxc_netdev_down(ifname); | |
3991 | if (ret) | |
3992 | exit(ret); | |
3993 | } | |
3994 | ||
3995 | ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); | |
3996 | ||
3997 | /* -EINVAL means there is no netdev named as ifanme. */ | |
3998 | if (ret == -EINVAL) { | |
3999 | ERROR("No network device named as %s.", ifname); | |
4000 | } | |
4001 | exit(ret); | |
4002 | } | |
4003 | ||
4004 | if (wait_for_pid(pid) != 0) | |
4005 | return false; | |
4006 | ||
4007 | return true; | |
4008 | } | |
4009 | ||
858377e4 SH |
4010 | WRAP_API_2(bool, lxcapi_detach_interface, const char *, const char *) |
4011 | ||
aef3d51e TA |
4012 | static int do_lxcapi_migrate(struct lxc_container *c, unsigned int cmd, |
4013 | struct migrate_opts *opts, unsigned int size) | |
bbd4e13e | 4014 | { |
aef3d51e | 4015 | int ret; |
2cb80427 | 4016 | struct migrate_opts *valid_opts = opts; |
85c50991 | 4017 | |
aef3d51e TA |
4018 | /* If the caller has a bigger (newer) struct migrate_opts, let's make |
4019 | * sure that the stuff on the end is zero, i.e. that they didn't ask us | |
4020 | * to do anything special. | |
4021 | */ | |
4022 | if (size > sizeof(*opts)) { | |
4023 | unsigned char *addr; | |
4024 | unsigned char *end; | |
4025 | ||
4026 | addr = (void *)opts + sizeof(*opts); | |
4027 | end = (void *)opts + size; | |
4028 | for (; addr < end; addr++) { | |
4029 | if (*addr) { | |
4030 | return -E2BIG; | |
4031 | } | |
4032 | } | |
85c50991 TA |
4033 | } |
4034 | ||
2cb80427 TA |
4035 | /* If the caller has a smaller struct, let's zero out the end for them |
4036 | * so we don't accidentally use bits of it that they didn't know about | |
4037 | * to initialize. | |
4038 | */ | |
4039 | if (size < sizeof(*opts)) { | |
4040 | valid_opts = malloc(sizeof(*opts)); | |
4041 | if (!valid_opts) | |
4042 | return -ENOMEM; | |
4043 | ||
4044 | memset(valid_opts, 0, sizeof(*opts)); | |
4045 | memcpy(valid_opts, opts, size); | |
4046 | } | |
4047 | ||
aef3d51e TA |
4048 | switch (cmd) { |
4049 | case MIGRATE_PRE_DUMP: | |
7ad13c91 TA |
4050 | if (!do_lxcapi_is_running(c)) { |
4051 | ERROR("container is not running"); | |
4052 | return false; | |
4053 | } | |
2cb80427 | 4054 | ret = !__criu_pre_dump(c, valid_opts); |
aef3d51e TA |
4055 | break; |
4056 | case MIGRATE_DUMP: | |
7ad13c91 TA |
4057 | if (!do_lxcapi_is_running(c)) { |
4058 | ERROR("container is not running"); | |
4059 | return false; | |
4060 | } | |
2cb80427 | 4061 | ret = !__criu_dump(c, valid_opts); |
aef3d51e TA |
4062 | break; |
4063 | case MIGRATE_RESTORE: | |
7ad13c91 TA |
4064 | if (do_lxcapi_is_running(c)) { |
4065 | ERROR("container is already running"); | |
4066 | return false; | |
4067 | } | |
2cb80427 | 4068 | ret = !__criu_restore(c, valid_opts); |
aef3d51e TA |
4069 | break; |
4070 | default: | |
4071 | ERROR("invalid migrate command %u", cmd); | |
4072 | ret = -EINVAL; | |
4073 | } | |
735f2c6e | 4074 | |
f686506d TA |
4075 | if (size < sizeof(*opts)) |
4076 | free(valid_opts); | |
4077 | ||
aef3d51e TA |
4078 | return ret; |
4079 | } | |
735f2c6e | 4080 | |
aef3d51e | 4081 | WRAP_API_3(int, lxcapi_migrate, unsigned int, struct migrate_opts *, unsigned int) |
735f2c6e | 4082 | |
aef3d51e TA |
4083 | static bool do_lxcapi_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose) |
4084 | { | |
ebb088e1 AR |
4085 | struct migrate_opts opts; |
4086 | ||
4087 | memset(&opts, 0, sizeof(opts)); | |
4088 | ||
4089 | opts.directory = directory; | |
4090 | opts.stop = stop; | |
4091 | opts.verbose = verbose; | |
735f2c6e | 4092 | |
aef3d51e | 4093 | return !do_lxcapi_migrate(c, MIGRATE_DUMP, &opts, sizeof(opts)); |
735f2c6e TA |
4094 | } |
4095 | ||
858377e4 SH |
4096 | WRAP_API_3(bool, lxcapi_checkpoint, char *, bool, bool) |
4097 | ||
4098 | static bool do_lxcapi_restore(struct lxc_container *c, char *directory, bool verbose) | |
c9d8f2ee | 4099 | { |
ebb088e1 AR |
4100 | struct migrate_opts opts; |
4101 | ||
4102 | memset(&opts, 0, sizeof(opts)); | |
4103 | ||
4104 | opts.directory = directory; | |
4105 | opts.verbose = verbose; | |
c9d8f2ee | 4106 | |
aef3d51e | 4107 | return !do_lxcapi_migrate(c, MIGRATE_RESTORE, &opts, sizeof(opts)); |
735f2c6e TA |
4108 | } |
4109 | ||
858377e4 SH |
4110 | WRAP_API_2(bool, lxcapi_restore, char *, bool) |
4111 | ||
a0e93eeb CS |
4112 | static int lxcapi_attach_run_waitl(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char *arg, ...) |
4113 | { | |
4114 | va_list ap; | |
4115 | const char **argv; | |
4116 | int ret; | |
4117 | ||
4118 | if (!c) | |
4119 | return -1; | |
4120 | ||
858377e4 SH |
4121 | current_config = c->lxc_conf; |
4122 | ||
a0e93eeb CS |
4123 | va_start(ap, arg); |
4124 | argv = lxc_va_arg_list_to_argv_const(ap, 1); | |
4125 | va_end(ap); | |
4126 | ||
4127 | if (!argv) { | |
4128 | ERROR("Memory allocation error."); | |
858377e4 SH |
4129 | ret = -1; |
4130 | goto out; | |
a0e93eeb CS |
4131 | } |
4132 | argv[0] = arg; | |
4133 | ||
858377e4 | 4134 | ret = do_lxcapi_attach_run_wait(c, options, program, (const char * const *)argv); |
a0e93eeb | 4135 | free((void*)argv); |
858377e4 SH |
4136 | out: |
4137 | current_config = NULL; | |
a0e93eeb CS |
4138 | return ret; |
4139 | } | |
4140 | ||
afeecbba | 4141 | struct lxc_container *lxc_container_new(const char *name, const char *configpath) |
72d0e1cb SG |
4142 | { |
4143 | struct lxc_container *c; | |
72d0e1cb | 4144 | |
18aa217b SH |
4145 | if (!name) |
4146 | return NULL; | |
4147 | ||
72d0e1cb SG |
4148 | c = malloc(sizeof(*c)); |
4149 | if (!c) { | |
4150 | fprintf(stderr, "failed to malloc lxc_container\n"); | |
4151 | return NULL; | |
4152 | } | |
4153 | memset(c, 0, sizeof(*c)); | |
4154 | ||
afeecbba SH |
4155 | if (configpath) |
4156 | c->config_path = strdup(configpath); | |
4157 | else | |
593e8478 | 4158 | c->config_path = strdup(lxc_global_config_value("lxc.lxcpath")); |
afeecbba | 4159 | |
2a59a681 | 4160 | if (!c->config_path) { |
03fadd16 | 4161 | fprintf(stderr, "Out of memory\n"); |
2a59a681 SH |
4162 | goto err; |
4163 | } | |
4164 | ||
f5dd1d53 | 4165 | remove_trailing_slashes(c->config_path); |
72d0e1cb SG |
4166 | c->name = malloc(strlen(name)+1); |
4167 | if (!c->name) { | |
4168 | fprintf(stderr, "Error allocating lxc_container name\n"); | |
4169 | goto err; | |
4170 | } | |
4171 | strcpy(c->name, name); | |
4172 | ||
4173 | c->numthreads = 1; | |
df271a59 | 4174 | if (!(c->slock = lxc_newlock(c->config_path, name))) { |
72d0e1cb SG |
4175 | fprintf(stderr, "failed to create lock\n"); |
4176 | goto err; | |
4177 | } | |
4178 | ||
df271a59 | 4179 | if (!(c->privlock = lxc_newlock(NULL, NULL))) { |
72d0e1cb SG |
4180 | fprintf(stderr, "failed to alloc privlock\n"); |
4181 | goto err; | |
4182 | } | |
4183 | ||
afeecbba | 4184 | if (!set_config_filename(c)) { |
72d0e1cb SG |
4185 | fprintf(stderr, "Error allocating config file pathname\n"); |
4186 | goto err; | |
4187 | } | |
72d0e1cb | 4188 | |
bac806d1 SH |
4189 | if (file_exists(c->configfile) && !lxcapi_load_config(c, NULL)) |
4190 | goto err; | |
72d0e1cb | 4191 | |
3e625e2d SH |
4192 | if (ongoing_create(c) == 2) { |
4193 | ERROR("Error: %s creation was not completed", c->name); | |
18aa217b | 4194 | container_destroy(c); |
4df7f012 | 4195 | lxcapi_clear_config(c); |
3e625e2d | 4196 | } |
a2739df5 | 4197 | c->daemonize = true; |
72cf75fa | 4198 | c->pidfile = NULL; |
3e625e2d | 4199 | |
72d0e1cb SG |
4200 | // assign the member functions |
4201 | c->is_defined = lxcapi_is_defined; | |
4202 | c->state = lxcapi_state; | |
4203 | c->is_running = lxcapi_is_running; | |
4204 | c->freeze = lxcapi_freeze; | |
4205 | c->unfreeze = lxcapi_unfreeze; | |
0115f8fd | 4206 | c->console = lxcapi_console; |
b5159817 | 4207 | c->console_getfd = lxcapi_console_getfd; |
72d0e1cb SG |
4208 | c->init_pid = lxcapi_init_pid; |
4209 | c->load_config = lxcapi_load_config; | |
4210 | c->want_daemonize = lxcapi_want_daemonize; | |
130a1888 | 4211 | c->want_close_all_fds = lxcapi_want_close_all_fds; |
72d0e1cb SG |
4212 | c->start = lxcapi_start; |
4213 | c->startl = lxcapi_startl; | |
4214 | c->stop = lxcapi_stop; | |
4215 | c->config_file_name = lxcapi_config_file_name; | |
4216 | c->wait = lxcapi_wait; | |
4217 | c->set_config_item = lxcapi_set_config_item; | |
4218 | c->destroy = lxcapi_destroy; | |
18aa217b | 4219 | c->destroy_with_snapshots = lxcapi_destroy_with_snapshots; |
06e5650e | 4220 | c->rename = lxcapi_rename; |
72d0e1cb SG |
4221 | c->save_config = lxcapi_save_config; |
4222 | c->get_keys = lxcapi_get_keys; | |
4223 | c->create = lxcapi_create; | |
4224 | c->createl = lxcapi_createl; | |
4225 | c->shutdown = lxcapi_shutdown; | |
3e625e2d | 4226 | c->reboot = lxcapi_reboot; |
4df7f012 | 4227 | c->clear_config = lxcapi_clear_config; |
72d0e1cb SG |
4228 | c->clear_config_item = lxcapi_clear_config_item; |
4229 | c->get_config_item = lxcapi_get_config_item; | |
8ac18377 | 4230 | c->get_running_config_item = lxcapi_get_running_config_item; |
794dd120 SH |
4231 | c->get_cgroup_item = lxcapi_get_cgroup_item; |
4232 | c->set_cgroup_item = lxcapi_set_cgroup_item; | |
2a59a681 SH |
4233 | c->get_config_path = lxcapi_get_config_path; |
4234 | c->set_config_path = lxcapi_set_config_path; | |
9be53773 | 4235 | c->clone = lxcapi_clone; |
799f29ab | 4236 | c->get_interfaces = lxcapi_get_interfaces; |
9c83a661 | 4237 | c->get_ips = lxcapi_get_ips; |
a0e93eeb CS |
4238 | c->attach = lxcapi_attach; |
4239 | c->attach_run_wait = lxcapi_attach_run_wait; | |
4240 | c->attach_run_waitl = lxcapi_attach_run_waitl; | |
f5dd1d53 SH |
4241 | c->snapshot = lxcapi_snapshot; |
4242 | c->snapshot_list = lxcapi_snapshot_list; | |
4243 | c->snapshot_restore = lxcapi_snapshot_restore; | |
771d96b3 | 4244 | c->snapshot_destroy = lxcapi_snapshot_destroy; |
18aa217b | 4245 | c->snapshot_destroy_all = lxcapi_snapshot_destroy_all; |
b494d2dd | 4246 | c->may_control = lxcapi_may_control; |
a9a0ed90 ÇO |
4247 | c->add_device_node = lxcapi_add_device_node; |
4248 | c->remove_device_node = lxcapi_remove_device_node; | |
e58fae8f DY |
4249 | c->attach_interface = lxcapi_attach_interface; |
4250 | c->detach_interface = lxcapi_detach_interface; | |
735f2c6e TA |
4251 | c->checkpoint = lxcapi_checkpoint; |
4252 | c->restore = lxcapi_restore; | |
aef3d51e | 4253 | c->migrate = lxcapi_migrate; |
72d0e1cb | 4254 | |
72d0e1cb SG |
4255 | return c; |
4256 | ||
4257 | err: | |
4258 | lxc_container_free(c); | |
4259 | return NULL; | |
4260 | } | |
4261 | ||
4a7c7daa | 4262 | int lxc_get_wait_states(const char **states) |
72d0e1cb SG |
4263 | { |
4264 | int i; | |
4265 | ||
4266 | if (states) | |
4267 | for (i=0; i<MAX_STATE; i++) | |
4268 | states[i] = lxc_state2str(i); | |
4269 | return MAX_STATE; | |
4270 | } | |
a41f104b | 4271 | |
a41f104b SH |
4272 | /* |
4273 | * These next two could probably be done smarter with reusing a common function | |
4274 | * with different iterators and tests... | |
4275 | */ | |
4276 | int list_defined_containers(const char *lxcpath, char ***names, struct lxc_container ***cret) | |
4277 | { | |
4278 | DIR *dir; | |
4279 | int i, cfound = 0, nfound = 0; | |
74f96976 | 4280 | struct dirent *direntp; |
a41f104b SH |
4281 | struct lxc_container *c; |
4282 | ||
4283 | if (!lxcpath) | |
593e8478 | 4284 | lxcpath = lxc_global_config_value("lxc.lxcpath"); |
a41f104b | 4285 | |
a41f104b | 4286 | dir = opendir(lxcpath); |
a41f104b SH |
4287 | if (!dir) { |
4288 | SYSERROR("opendir on lxcpath"); | |
4289 | return -1; | |
4290 | } | |
4291 | ||
4292 | if (cret) | |
4293 | *cret = NULL; | |
4294 | if (names) | |
4295 | *names = NULL; | |
4296 | ||
74f96976 | 4297 | while ((direntp = readdir(dir))) { |
a41f104b SH |
4298 | if (!direntp) |
4299 | break; | |
e4ebeab1 CALP |
4300 | |
4301 | // Ignore '.', '..' and any hidden directory | |
4302 | if (!strncmp(direntp->d_name, ".", 1)) | |
a41f104b SH |
4303 | continue; |
4304 | ||
4305 | if (!config_file_exists(lxcpath, direntp->d_name)) | |
4306 | continue; | |
4307 | ||
4308 | if (names) { | |
9c88ff1f | 4309 | if (!add_to_array(names, direntp->d_name, cfound)) |
a41f104b SH |
4310 | goto free_bad; |
4311 | } | |
4312 | cfound++; | |
4313 | ||
4314 | if (!cret) { | |
4315 | nfound++; | |
4316 | continue; | |
4317 | } | |
4318 | ||
4319 | c = lxc_container_new(direntp->d_name, lxcpath); | |
4320 | if (!c) { | |
4321 | INFO("Container %s:%s has a config but could not be loaded", | |
4322 | lxcpath, direntp->d_name); | |
4323 | if (names) | |
9c88ff1f ÇO |
4324 | if(!remove_from_array(names, direntp->d_name, cfound--)) |
4325 | goto free_bad; | |
a41f104b SH |
4326 | continue; |
4327 | } | |
858377e4 | 4328 | if (!do_lxcapi_is_defined(c)) { |
a41f104b SH |
4329 | INFO("Container %s:%s has a config but is not defined", |
4330 | lxcpath, direntp->d_name); | |
4331 | if (names) | |
9c88ff1f ÇO |
4332 | if(!remove_from_array(names, direntp->d_name, cfound--)) |
4333 | goto free_bad; | |
a41f104b SH |
4334 | lxc_container_put(c); |
4335 | continue; | |
4336 | } | |
4337 | ||
2871830a | 4338 | if (!add_to_clist(cret, c, nfound, true)) { |
a41f104b SH |
4339 | lxc_container_put(c); |
4340 | goto free_bad; | |
4341 | } | |
4342 | nfound++; | |
4343 | } | |
4344 | ||
a41f104b | 4345 | closedir(dir); |
a41f104b SH |
4346 | return nfound; |
4347 | ||
4348 | free_bad: | |
4349 | if (names && *names) { | |
4350 | for (i=0; i<cfound; i++) | |
4351 | free((*names)[i]); | |
4352 | free(*names); | |
4353 | } | |
4354 | if (cret && *cret) { | |
4355 | for (i=0; i<nfound; i++) | |
4356 | lxc_container_put((*cret)[i]); | |
4357 | free(*cret); | |
4358 | } | |
a41f104b | 4359 | closedir(dir); |
a41f104b SH |
4360 | return -1; |
4361 | } | |
4362 | ||
148a9d27 DE |
4363 | int list_active_containers(const char *lxcpath, char ***nret, |
4364 | struct lxc_container ***cret) | |
a41f104b | 4365 | { |
148a9d27 | 4366 | int i, ret = -1, cret_cnt = 0, ct_name_cnt = 0; |
a41f104b SH |
4367 | int lxcpath_len; |
4368 | char *line = NULL; | |
148a9d27 | 4369 | char **ct_name = NULL; |
a41f104b | 4370 | size_t len = 0; |
97bc2422 | 4371 | struct lxc_container *c = NULL; |
88556fd7 | 4372 | bool is_hashed; |
a41f104b SH |
4373 | |
4374 | if (!lxcpath) | |
593e8478 | 4375 | lxcpath = lxc_global_config_value("lxc.lxcpath"); |
a41f104b SH |
4376 | lxcpath_len = strlen(lxcpath); |
4377 | ||
4378 | if (cret) | |
4379 | *cret = NULL; | |
148a9d27 DE |
4380 | if (nret) |
4381 | *nret = NULL; | |
a41f104b | 4382 | |
a41f104b | 4383 | FILE *f = fopen("/proc/net/unix", "r"); |
a41f104b SH |
4384 | if (!f) |
4385 | return -1; | |
4386 | ||
4387 | while (getline(&line, &len, f) != -1) { | |
88556fd7 | 4388 | |
0f8f9c8a | 4389 | char *p = strrchr(line, ' '), *p2; |
a41f104b SH |
4390 | if (!p) |
4391 | continue; | |
4392 | p++; | |
4393 | if (*p != 0x40) | |
4394 | continue; | |
4395 | p++; | |
88556fd7 ÇO |
4396 | |
4397 | is_hashed = false; | |
4398 | if (strncmp(p, lxcpath, lxcpath_len) == 0) { | |
4399 | p += lxcpath_len; | |
4400 | } else if (strncmp(p, "lxc/", 4) == 0) { | |
4401 | p += 4; | |
4402 | is_hashed = true; | |
4403 | } else { | |
a41f104b | 4404 | continue; |
88556fd7 ÇO |
4405 | } |
4406 | ||
a41f104b SH |
4407 | while (*p == '/') |
4408 | p++; | |
4409 | ||
4410 | // Now p is the start of lxc_name | |
46cd2845 | 4411 | p2 = strchr(p, '/'); |
a41f104b SH |
4412 | if (!p2 || strncmp(p2, "/command", 8) != 0) |
4413 | continue; | |
4414 | *p2 = '\0'; | |
4415 | ||
88556fd7 | 4416 | if (is_hashed) { |
899a9f55 CB |
4417 | char *recvpath = lxc_cmd_get_lxcpath(p); |
4418 | if (!recvpath) | |
4419 | continue; | |
4420 | if (strncmp(lxcpath, recvpath, lxcpath_len) != 0) | |
88556fd7 ÇO |
4421 | continue; |
4422 | p = lxc_cmd_get_name(p); | |
4423 | } | |
4424 | ||
148a9d27 | 4425 | if (array_contains(&ct_name, p, ct_name_cnt)) |
9c88ff1f ÇO |
4426 | continue; |
4427 | ||
148a9d27 DE |
4428 | if (!add_to_array(&ct_name, p, ct_name_cnt)) |
4429 | goto free_cret_list; | |
9c88ff1f | 4430 | |
148a9d27 | 4431 | ct_name_cnt++; |
a41f104b | 4432 | |
148a9d27 | 4433 | if (!cret) |
a41f104b | 4434 | continue; |
a41f104b SH |
4435 | |
4436 | c = lxc_container_new(p, lxcpath); | |
4437 | if (!c) { | |
4438 | INFO("Container %s:%s is running but could not be loaded", | |
4439 | lxcpath, p); | |
148a9d27 | 4440 | remove_from_array(&ct_name, p, ct_name_cnt--); |
a41f104b SH |
4441 | continue; |
4442 | } | |
4443 | ||
4444 | /* | |
4445 | * If this is an anonymous container, then is_defined *can* | |
4446 | * return false. So we don't do that check. Count on the | |
4447 | * fact that the command socket exists. | |
4448 | */ | |
4449 | ||
148a9d27 | 4450 | if (!add_to_clist(cret, c, cret_cnt, true)) { |
a41f104b | 4451 | lxc_container_put(c); |
148a9d27 | 4452 | goto free_cret_list; |
a41f104b | 4453 | } |
148a9d27 | 4454 | cret_cnt++; |
a41f104b SH |
4455 | } |
4456 | ||
97bc2422 CB |
4457 | if (nret && cret && cret_cnt != ct_name_cnt) { |
4458 | if (c) | |
4459 | lxc_container_put(c); | |
4460 | goto free_cret_list; | |
4461 | } | |
4462 | ||
148a9d27 DE |
4463 | ret = ct_name_cnt; |
4464 | if (nret) | |
4465 | *nret = ct_name; | |
4466 | else | |
4467 | goto free_ct_name; | |
4468 | goto out; | |
a41f104b | 4469 | |
148a9d27 | 4470 | free_cret_list: |
a41f104b | 4471 | if (cret && *cret) { |
148a9d27 | 4472 | for (i = 0; i < cret_cnt; i++) |
a41f104b SH |
4473 | lxc_container_put((*cret)[i]); |
4474 | free(*cret); | |
4475 | } | |
148a9d27 DE |
4476 | |
4477 | free_ct_name: | |
4478 | if (ct_name) { | |
4479 | for (i = 0; i < ct_name_cnt; i++) | |
4480 | free(ct_name[i]); | |
4481 | free(ct_name); | |
4482 | } | |
4483 | ||
4484 | out: | |
f10fad2f | 4485 | free(line); |
e853a32d | 4486 | |
a41f104b | 4487 | fclose(f); |
148a9d27 | 4488 | return ret; |
a41f104b | 4489 | } |
2871830a DE |
4490 | |
4491 | int list_all_containers(const char *lxcpath, char ***nret, | |
4492 | struct lxc_container ***cret) | |
4493 | { | |
4494 | int i, ret, active_cnt, ct_cnt, ct_list_cnt; | |
4495 | char **active_name; | |
4496 | char **ct_name; | |
4497 | struct lxc_container **ct_list = NULL; | |
4498 | ||
4499 | ct_cnt = list_defined_containers(lxcpath, &ct_name, NULL); | |
4500 | if (ct_cnt < 0) | |
4501 | return ct_cnt; | |
4502 | ||
4503 | active_cnt = list_active_containers(lxcpath, &active_name, NULL); | |
4504 | if (active_cnt < 0) { | |
4505 | ret = active_cnt; | |
4506 | goto free_ct_name; | |
4507 | } | |
4508 | ||
4509 | for (i = 0; i < active_cnt; i++) { | |
4510 | if (!array_contains(&ct_name, active_name[i], ct_cnt)) { | |
4511 | if (!add_to_array(&ct_name, active_name[i], ct_cnt)) { | |
4512 | ret = -1; | |
4513 | goto free_active_name; | |
4514 | } | |
4515 | ct_cnt++; | |
4516 | } | |
4517 | free(active_name[i]); | |
4518 | active_name[i] = NULL; | |
4519 | } | |
4520 | free(active_name); | |
4521 | active_name = NULL; | |
4522 | active_cnt = 0; | |
4523 | ||
4524 | for (i = 0, ct_list_cnt = 0; i < ct_cnt && cret; i++) { | |
4525 | struct lxc_container *c; | |
4526 | ||
4527 | c = lxc_container_new(ct_name[i], lxcpath); | |
4528 | if (!c) { | |
4529 | WARN("Container %s:%s could not be loaded", lxcpath, ct_name[i]); | |
4530 | remove_from_array(&ct_name, ct_name[i], ct_cnt--); | |
4531 | continue; | |
4532 | } | |
4533 | ||
4534 | if (!add_to_clist(&ct_list, c, ct_list_cnt, false)) { | |
4535 | lxc_container_put(c); | |
4536 | ret = -1; | |
4537 | goto free_ct_list; | |
4538 | } | |
4539 | ct_list_cnt++; | |
4540 | } | |
4541 | ||
4542 | if (cret) | |
4543 | *cret = ct_list; | |
4544 | ||
4545 | if (nret) | |
4546 | *nret = ct_name; | |
4547 | else { | |
4548 | ret = ct_cnt; | |
4549 | goto free_ct_name; | |
4550 | } | |
4551 | return ct_cnt; | |
4552 | ||
4553 | free_ct_list: | |
4554 | for (i = 0; i < ct_list_cnt; i++) { | |
4555 | lxc_container_put(ct_list[i]); | |
4556 | } | |
f10fad2f | 4557 | free(ct_list); |
2871830a DE |
4558 | |
4559 | free_active_name: | |
4560 | for (i = 0; i < active_cnt; i++) { | |
f10fad2f | 4561 | free(active_name[i]); |
2871830a | 4562 | } |
f10fad2f | 4563 | free(active_name); |
2871830a DE |
4564 | |
4565 | free_ct_name: | |
4566 | for (i = 0; i < ct_cnt; i++) { | |
4567 | free(ct_name[i]); | |
4568 | } | |
4569 | free(ct_name); | |
4570 | return ret; | |
4571 | } | |
12461428 CB |
4572 | |
4573 | bool lxc_config_item_is_supported(const char *key) | |
4574 | { | |
4575 | return !!lxc_getconfig(key); | |
4576 | } |